def test_create_excluded_resources_handler_success_case_not_exists_data_create(
self):
# perpare data test
mock_pm_affiliation.create(data_pm_affiliation)
mock_pm_awsAccountCoops.create(data_pm_aws_account_coops)
# Call function test
actual_response = checkitemsettings.create_excluded_resources_handler(
event_mock, {})
# Get data response
actual_status_code = actual_response['statusCode']
actual_response_body = json.loads(actual_response['body'])
# Check data
self.assertEqual(HTTPStatus.CREATED, actual_status_code)
self.assertEqual(data_pm_exclusion_resources["OrganizationID"],
actual_response_body["organizationId"])
self.assertEqual(data_pm_exclusion_resources["ProjectID"],
actual_response_body["projectId"])
self.assertEqual(data_pm_aws_account_coops["AWSAccount"],
actual_response_body["awsAccount"])
self.assertEqual(data_pm_exclusion_resources["CheckItemCode"],
actual_response_body["checkItemCode"])
self.assertEqual(data_pm_exclusion_resources["RegionName"],
actual_response_body["regionName"])
self.assertEqual(data_pm_exclusion_resources["ResourceName"],
actual_response_body["resourceName"])
self.assertEqual(data_pm_exclusion_resources["ResourceType"],
actual_response_body["resourceType"])
self.assertEqual(data_pm_exclusion_resources["ExclusionComment"],
actual_response_body["exclusionComment"])
def test_list_item_settings_handler_success_case_not_exists_data_exclusion_resource(
self):
# perpare data test
mock_pm_affiliation.create(data_pm_affiliation)
mock_pm_projects.create(data_pm_projects)
mock_pm_awsAccountCoops.create(data_pm_aws_account_coops)
# Call function test
actual_response = checkitemsettings.list_item_settings_handler(
event_mock, {})
# Get data response
actual_status_code = actual_response['statusCode']
actual_response_bodys = json.loads(actual_response['body'])
# Check data
self.assertEqual(HTTPStatus.OK, actual_status_code)
for actual_response_body in actual_response_bodys:
if actual_response_body[
"checkItemCode"] in LIST_CHECK_ITEM_CODE_EXCLUDED_RESOURCE:
self.assertEqual(ExcludedResourceFlag.Disable,
actual_response_body["excludedResourceFlag"])
else:
self.assertEqual(ExcludedResourceFlag.Other,
actual_response_body["excludedResourceFlag"])
def test_get_excluded_resources_handler_success_case_exists_excluded_resource(
self):
# perpare data test
mock_pm_affiliation.create(data_pm_affiliation)
mock_pm_awsAccountCoops.create(data_pm_aws_account_coops)
# create record pm_exclusionResources
mock_pm_exclusionResources.create(data_pm_exclusion_resources)
# Call function test
actual_response = checkitemsettings.get_excluded_resources_handler(
event_mock, {})
# get record pm_exclusionResources
expected_exclusion_resources = mock_pm_exclusionResources.query_key(
data_pm_exclusion_resources['ExclusionResourceID'])
# Get data response
actual_status_code = actual_response['statusCode']
actual_response_body = json.loads(actual_response['body'])
# Check data
self.assertEqual(HTTPStatus.OK, actual_status_code)
self.assertEqual(1, len(actual_response_body))
self.assertEqual(12, len(actual_response_body[0]))
self.assertEqual(expected_exclusion_resources['ExclusionResourceID'],
actual_response_body[0]['id'])
self.assertEqual(expected_exclusion_resources['OrganizationID'],
actual_response_body[0]['organizationId'])
self.assertEqual(expected_exclusion_resources['ProjectID'],
actual_response_body[0]['projectId'])
self.assertEqual(expected_exclusion_resources['AWSAccount'],
actual_response_body[0]['awsAccount'])
self.assertEqual(expected_exclusion_resources['CheckItemCode'],
actual_response_body[0]['checkItemCode'])
self.assertEqual(expected_exclusion_resources['RegionName'],
actual_response_body[0]['regionName'])
self.assertEqual(expected_exclusion_resources['ResourceName'],
actual_response_body[0]['resourceName'])
self.assertEqual(expected_exclusion_resources['ResourceType'],
actual_response_body[0]['resourceType'])
self.assertEqual(expected_exclusion_resources['ExclusionComment'],
actual_response_body[0]['exclusionComment'])
self.assertEqual(expected_exclusion_resources['MailAddress'],
actual_response_body[0]['mailAddress'])
self.assertEqual(expected_exclusion_resources['CreatedAt'],
actual_response_body[0]['createdAt'])
self.assertEqual(expected_exclusion_resources['UpdatedAt'],
actual_response_body[0]['updatedAt'])
def test_create_excluded_resources_handler_success_case_exists_data_create(
self):
# perpare data test
body_update = {
"regionName": data_pm_exclusion_resources['RegionName'],
"resourceType": data_pm_exclusion_resources['ResourceType'],
"resourceName": data_pm_exclusion_resources['ResourceName'],
"exclusionComment": exclusion_comment_update
}
event_mock_update = event_create.get_event_object(
trace_id=copy.deepcopy(DataCommon.USER_ID_TEST.format(str(3))),
path_parameters=path_parameters,
body=json.dumps(body_update))
mock_pm_affiliation.create(data_pm_affiliation)
mock_pm_awsAccountCoops.create(data_pm_aws_account_coops)
mock_pm_exclusionResources.create(data_pm_exclusion_resources)
# Call function test
actual_response = checkitemsettings.create_excluded_resources_handler(
event_mock_update, {})
# Get data response
actual_status_code = actual_response['statusCode']
actual_response_body = json.loads(actual_response['body'])
# Check data
self.assertEqual(HTTPStatus.CREATED, actual_status_code)
self.assertEqual(data_pm_exclusion_resources["ExclusionResourceID"],
actual_response_body["id"])
self.assertEqual(data_pm_exclusion_resources["OrganizationID"],
actual_response_body["organizationId"])
self.assertEqual(data_pm_exclusion_resources["ProjectID"],
actual_response_body["projectId"])
self.assertEqual(data_pm_exclusion_resources["AWSAccount"],
actual_response_body["awsAccount"])
self.assertEqual(data_pm_exclusion_resources["CheckItemCode"],
actual_response_body["checkItemCode"])
self.assertEqual(data_pm_exclusion_resources["RegionName"],
actual_response_body["regionName"])
self.assertEqual(data_pm_exclusion_resources["ResourceName"],
actual_response_body["resourceName"])
self.assertEqual(data_pm_exclusion_resources["ResourceType"],
actual_response_body["resourceType"])
self.assertEqual(exclusion_comment_update,
actual_response_body["exclusionComment"])
def test_get_excluded_resources_handler_success_case_not_exists_excluded_resource(
self):
# perpare data test
mock_pm_affiliation.create(data_pm_affiliation)
mock_pm_awsAccountCoops.create(data_pm_aws_account_coops)
# Call function test
actual_response = checkitemsettings.get_excluded_resources_handler(
event_mock, {})
# Get data response
actual_status_code = actual_response['statusCode']
actual_response_body = json.loads(actual_response['body'])
# Check data
self.assertEqual(HTTPStatus.OK, actual_status_code)
self.assertEqual([], actual_response_body)
def test_get_security_check_resource_handler_error_authority(self):
# perpare data test
mock_pm_affiliation.create(
copy.deepcopy(DataPmAffiliation.AFFILIATION_AUTHORITY_VIEWER))
event_mock = event_create.get_event_object(
trace_id="user_not_authority", path_parameters=path_parameters)
# Call function test
actual_response = awschecks.get_security_check_resource_handler(
event_mock, {})
# Check data
message_101 = MsgConst.ERR_101
response_body = json.loads(actual_response['body'])
self.assertEqual(response_body['code'], message_101['code'])
self.assertEqual(response_body['message'], message_101['message'])
self.assertEqual(actual_response['statusCode'], HTTPStatus.FORBIDDEN)
def setUp(self):
super().setUp()
# truncate old data in the table
if db_utils.check_table_exist(Tables.PM_AFFILIATION):
db_utils.delete_table(Tables.PM_AFFILIATION)
if db_utils.check_table_exist(Tables.PM_PROJECTS):
db_utils.delete_table(Tables.PM_PROJECTS)
if db_utils.check_table_exist(Tables.PM_CHECK_HISTORY):
db_utils.delete_table(Tables.PM_CHECK_HISTORY)
# create table
mock_pm_affiliation.create_table()
mock_pm_projects.create_table()
mock_pm_checkHistory.create_table()
# create data table
mock_pm_projects.create(data_pm_project)
mock_pm_affiliation.create(data_pm_affiliation)
def test_create_excluded_resources_handler_error_authority(self):
# perpare data test
mock_pm_affiliation.create(
copy.deepcopy(DataPmAffiliation.AFFILIATION_AUTHORITY_VIEWER))
event_mock = event_create.get_event_object(
trace_id=copy.deepcopy(
DataPmAffiliation.AFFILIATION_AUTHORITY_VIEWER['UserID']),
path_parameters=path_parameters,
body=json.dumps(body))
# Call function test
actual_response = checkitemsettings.create_excluded_resources_handler(
event_mock, {})
# Check data
message_101 = MsgConst.ERR_101
response_body = json.loads(actual_response['body'])
self.assertEqual(response_body['code'], message_101['code'])
self.assertEqual(response_body['message'], message_101['message'])
self.assertEqual(actual_response['statusCode'], HTTPStatus.FORBIDDEN)
def test_get_security_check_resource_handler_success_case_not_exist_record_pm_latest_check_result(
self):
# perpare data test
mock_pm_affiliation.create(data_pm_affiliation)
mock_pm_awsAccountCoops.create(data_pm_aws_account_coops)
event_mock = event_create.get_event_object(
trace_id=copy.deepcopy(DataCommon.USER_ID_TEST.format(str(3))),
path_parameters=path_parameters)
# Call function test
actual_response = awschecks.get_security_check_resource_handler(
event_mock, {})
# Get data response
actual_status_code = actual_response['statusCode']
actual_response_body = json.loads(actual_response['body'])
# Check data
self.assertEqual(HTTPStatus.OK, actual_status_code)
self.assertEqual([], actual_response_body)
def test_delete_excluded_resources_handler_success(self):
# perpare data test
mock_pm_affiliation.create(data_pm_affiliation)
mock_pm_awsAccountCoops.create(data_pm_aws_account_coops)
event_mock = event_create.get_event_object(
trace_id=copy.deepcopy(DataCommon.USER_ID_TEST.format(str(3))),
path_parameters=path_parameters,
query_string_parameters=query_string_parameters)
# create record pm_exclusionResources delete
mock_pm_exclusionResources.create(data_pm_exclusion_resources)
# create record pm_exclusionResources not delete
mock_pm_exclusionResources.create(data_exclusion_resources_not_delete)
# Call function test
actual_response = checkitemsettings.delete_excluded_resources_handler(
event_mock, {})
# get record pm_exclusionResources delete
actual_exclusion_resources_delete = mock_pm_exclusionResources.query_key(
data_pm_exclusion_resources['ExclusionResourceID'])
# get record pm_exclusionResources not delete
actual_exclusion_resources_not_delete = mock_pm_exclusionResources.query_key(
data_exclusion_resources_not_delete['ExclusionResourceID'])
# Get data response
actual_status_code = actual_response['statusCode']
actual_response_body = json.loads(actual_response['body'])
# Check data
self.assertEqual(None, actual_exclusion_resources_delete)
self.assertEqual(None, actual_response_body)
self.assertEqual(HTTPStatus.NO_CONTENT, actual_status_code)
self.assertDictEqual(data_exclusion_resources_not_delete,
actual_exclusion_resources_not_delete)
def test_list_item_settings_handler_success_case_exists_data_exclusion_resource(
self):
# perpare data test
aws_account = copy.deepcopy(DataCommon.AWS_ACCOUNT)
mock_pm_affiliation.create(data_pm_affiliation)
mock_pm_projects.create(data_pm_projects)
mock_pm_awsAccountCoops.create(data_pm_aws_account_coops)
for check_item_code in LIST_CHECK_ITEM_CODE_EXCLUDED_RESOURCE:
data_pm_exclusion_resources[
'ExclusionResourceID'] = common_utils.get_uuid4()
data_pm_exclusion_resources['CheckItemCode'] = check_item_code
data_pm_exclusion_resources['CheckItemRefineCode'] = copy.deepcopy(
DataPmExclusionResources.CHECK_ITEM_REFINE_CODE_TEMPLATE.
format(organization_id, project_id, aws_account,
check_item_code))
data_pm_exclusion_resources['AccountRefineCode'] = copy.deepcopy(
DataPmExclusionResources.ACCOUNT_REFINE_CODE_TEMPLATE.format(
organization_id, project_id, aws_account))
mock_pm_exclusionResources.create(data_pm_exclusion_resources)
# Call function test
actual_response = checkitemsettings.list_item_settings_handler(
event_mock, {})
# Get data response
actual_status_code = actual_response['statusCode']
actual_response_bodys = json.loads(actual_response['body'])
# Check data
self.assertEqual(HTTPStatus.OK, actual_status_code)
for actual_response_body in actual_response_bodys:
if actual_response_body[
"checkItemCode"] in LIST_CHECK_ITEM_CODE_EXCLUDED_RESOURCE:
self.assertEqual(ExcludedResourceFlag.Enable,
actual_response_body["excludedResourceFlag"])
else:
self.assertEqual(ExcludedResourceFlag.Other,
actual_response_body["excludedResourceFlag"])
def test_get_security_check_resource_handler_success_case_exist_record_pm_check_result_items_and_pm_latest_check_result(
self):
# perpare data test
mock_pm_affiliation.create(data_pm_affiliation)
mock_pm_awsAccountCoops.create(data_pm_aws_account_coops)
mock_pm_latestCheckResult.create(data_pm_latest_check_result)
mock_pm_checkResultItems.create(data_pm_check_result_items)
# mock object
patch_read_json = patch('premembers.common.FileUtils.read_json')
# start mock object
mock_read_json = patch_read_json.start()
# mock data
mock_read_json.return_value = data_check_cis12_item_1_21
# addCleanup stop mock object
self.addCleanup(mock_read_json.stop)
event_mock = event_create.get_event_object(
trace_id=copy.deepcopy(DataCommon.USER_ID_TEST.format(str(3))),
path_parameters=path_parameters)
# Call function test
actual_response = awschecks.get_security_check_resource_handler(
event_mock, {})
# Get data response
actual_status_code = actual_response['statusCode']
actual_response_body = json.loads(actual_response['body'])
# Check data
self.assertEqual(HTTPStatus.OK, actual_status_code)
self.assertEqual(1, len(actual_response_body))
actual_response_data = actual_response_body[0]
self.assertEqual(data_pm_check_result_items['CheckResultItemID'],
actual_response_data['id'])
self.assertEqual(data_pm_check_result_items['CheckHistoryID'],
actual_response_data['checkHistoryId'])
self.assertEqual(data_pm_check_result_items['CheckResultID'],
actual_response_data['checkResultId'])
self.assertEqual(data_pm_check_result_items['CheckItemCode'],
actual_response_data['checkItemCode'])
self.assertEqual(data_pm_check_result_items['OrganizationName'],
actual_response_data['organizationName'])
self.assertEqual(data_pm_check_result_items['ProjectName'],
actual_response_data['projectName'])
self.assertEqual(data_pm_check_result_items['AWSAccount'],
actual_response_data['awsAccount'])
self.assertEqual(data_pm_check_result_items['AWSAccountName'],
actual_response_data['awsAccountName'])
self.assertEqual(data_pm_check_result_items['ExclusionFlag'],
actual_response_data['exclusionFlag'])
self.assertEqual(data_pm_check_result_items['CheckResult'],
actual_response_data['checkResult'])
self.assertListEqual(data_check_cis12_item_1_21['CheckResults'],
actual_response_data['resources'])
self.assertEqual(data_pm_check_result_items['CreatedAt'],
actual_response_data['createdAt'])
self.assertEqual(data_pm_check_result_items['UpdatedAt'],
actual_response_data['updatedAt'])
def test_execute_change_email_handler_success_case_caller_service_name_is_insightwatch(self):
# perpare data test
for affiliation in list_affiliations:
mock_pm_affiliation.create(affiliation)
for org_notify_mail_destination in list_org_notify_mail_destinations:
mock_pm_orgNotifyMailDestinations.create(
org_notify_mail_destination)
mock_pm_emailChangeApply.create(
data_insert_caller_service_name_insightwatch)
# patch mock
get_cognito_user_info_by_user_name_patch = patch(
'premembers.common.aws_common.get_cognito_user_info_by_user_name')
update_cognito_user_attributes_patch = patch(
'premembers.common.aws_common.update_cognito_user_attributes')
patch_read_yaml = patch('premembers.common.FileUtils.read_yaml')
# start mock object
mock_get_cognito_user_info_by_user_name = get_cognito_user_info_by_user_name_patch.start()
mock_update_cognito_user_attributes = update_cognito_user_attributes_patch.start()
mock_read_yaml = patch_read_yaml.start()
# mock data
mock_get_cognito_user_info_by_user_name.return_value = user_info
mock_update_cognito_user_attributes.return_value = None
mock_read_yaml.return_value = data_config
# addCleanup stop mock object
self.addCleanup(get_cognito_user_info_by_user_name_patch.stop)
self.addCleanup(update_cognito_user_attributes_patch.stop)
self.addCleanup(patch_read_yaml.stop)
# Call function test
result = user.execute_change_email_handler(event_mock, {})
# Check data
status_code = result['statusCode']
response_body = result['body']
response_headers = result['headers']
self.assertEqual(HTTPStatus.OK.value, status_code)
self.assertEqual(
response_execute_change_email_caller_service_insightwatch,
response_body)
self.assertEqual(content_type_text_html,
response_headers['content-type'])
# check update data table PM_OrgNotifyMailDestinations
for affiliation in list_affiliations:
org_notify_mail_destinations = mock_pm_orgNotifyMailDestinations.query_key(
affiliation['OrganizationID'], notify_code)
for destination in org_notify_mail_destinations['Destinations']:
self.assertEqual(after_mail_address,
destination['MailAddress'])
# check update data table PM_Affiliation
list_affiliations_update = mock_pm_affiliation.query_userid_key(
user_id)
for affiliation_update in list_affiliations_update:
self.assertEqual(after_mail_address,
affiliation_update['MailAddress'])
# check delete data table PM_EmailChangeApply
email_change_apply = mock_pm_emailChangeApply.query_key(apply_id)
self.assertEqual(None, email_change_apply)
# check param call function get_cognito_user_info_by_user_name
mock_get_cognito_user_info_by_user_name.assert_called_once_with(
apply_id, user_id)
# check param call function update_cognito_user_attributes
mock_update_cognito_user_attributes.update_cognito_user_attributes(
apply_id, user_id, user_attributes)