Exemple #1
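    def test_build_rule_book_from_gcs_works(self, mock_load_rules_from_gcs):
        """Test that a RuleBook is built correctly with a mocked gcs file.

        Setup:
            * Point the rules engine at a gs:// rules path.
            * Parse the local test yaml file and hand its content to the
              mocked GCS loader as its return value.

        Expected results:
            The rule book's resource_rules_map holds exactly 1 entry.
        """
        # NOTE(review): mock_load_rules_from_gcs is presumably injected by a
        # patch decorator that is not shown with this method -- confirm.
        bucket_name = 'bucket-name'
        rules_path = 'input/instance_network_interface_test_rules_1.yaml'
        full_rules_path = 'gs://{}/{}'.format(bucket_name, rules_path)
        rules_engine = ini.InstanceNetworkInterfaceRulesEngine(
            rules_file_path=full_rules_path)

        # Read in the rules file. safe_load is used on purpose: it builds
        # only plain YAML types, so a rules file cannot make the parser
        # construct arbitrary Python objects. A yaml.YAMLError propagates
        # unchanged and fails the test.
        with open(
                get_datafile_path(
                    __file__, 'instance_network_interface_test_rules_1.yaml'),
                'r') as rules_local_file:
            file_content = yaml.safe_load(rules_local_file)

        # The engine never reaches GCS; the mock serves the parsed fixture.
        mock_load_rules_from_gcs.return_value = file_content

        rules_engine.build_rule_book()
        self.assertEqual(1, len(rules_engine.rule_book.resource_rules_map))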
Exemple #2
 def test_build_rule_book_from_local_yaml_file_works(self):
     """Build a RuleBook straight from a local yaml rules file.

     The rule book's resource_rules_map is expected to hold exactly
     one entry.
     """
     engine = ini.InstanceNetworkInterfaceRulesEngine(
         rules_file_path=get_datafile_path(
             __file__, 'instance_network_interface_test_rules_1.yaml'))
     engine.build_rule_book()
     rule_count = len(engine.rule_book.resource_rules_map)
     self.assertEqual(1, rule_count)
Exemple #3
 def test_networks_in_whitelist_and_allowed_projects(self):
     """Expect no violations for the fake interfaces under rules file 2."""
     engine = ini.InstanceNetworkInterfaceRulesEngine(
         get_datafile_path(
             __file__, 'instance_network_interface_test_rules_2.yaml'))
     engine.build_rule_book()
     # Flatten the per-interface results into a single list of violations.
     found = [
         violation
         for nic in create_list_of_instence_network_interface_obj_from_data()
         for violation in engine.find_policy_violations(nic)
     ]
     self.assertEqual([], found)
Exemple #4
 def test_network_in_allowed_project_with_no_external_ip(self):
     """Expect no violations for the fake interfaces under rules file 4.

     Per the test name, this is the case of an allowed project whose
     interface has no external ip.
     """
     engine = ini.InstanceNetworkInterfaceRulesEngine(
         get_datafile_path(
             __file__, 'instance_network_interface_test_rules_4.yaml'))
     engine.build_rule_book()
     # Flatten the per-interface results into a single list of violations.
     found = [
         violation
         for nic in create_list_of_instence_network_interface_obj_from_data()
         for violation in engine.find_policy_violations(nic)
     ]
     self.assertEqual([], found)
Exemple #5
 def test_network_not_in_allowed_project(self):
     """Expect exactly one violation under rules file 5.

     The single violation must name project 'project-3' and network
     'network-3'.
     """
     engine = ini.InstanceNetworkInterfaceRulesEngine(
         get_datafile_path(
             __file__, 'instance_network_interface_test_rules_5.yaml'))
     engine.build_rule_book()
     # Flatten the per-interface results into a single list of violations.
     found = [
         violation
         for nic in create_list_of_instence_network_interface_obj_from_data()
         for violation in engine.find_policy_violations(nic)
     ]
     # Check the count first so an empty result fails here, not on indexing.
     self.assertEqual(1, len(found))
     self.assertEqual('project-3', found[0].project)
     self.assertEqual('network-3', found[0].network)