def testProcess(self, unused_MockAttachDisk, mock_Delete, mock_Snapshot,
mock_FindDisks, mock_CreateDiskFromSnapshot,
mock_StartAnalysisVm, mock_AddLabels, mock_GetBootDisk):
"""Tests the collector's Process() function."""
mock_StartAnalysisVm.return_value = (FAKE_ANALYSIS_VM, None)
mock_FindDisks.return_value = [
gcp.GoogleComputeDisk(FAKE_PROJECT, 'fake_zone', 'disk1')
]
mock_CreateDiskFromSnapshot.return_value = FAKE_DISK_COPY
mock_Snapshot.return_value = FAKE_SNAPSHOT
FAKE_ANALYSIS_VM.AddLabels = mock_AddLabels
FAKE_ANALYSIS_VM.GetBootDisk = mock_GetBootDisk
FAKE_DISK_COPY.AddLabels = mock_AddLabels
test_state = state.DFTimewolfState(config.Config)
gcloud_collector = gcloud.GoogleCloudCollector(test_state)
gcloud_collector.SetUp(
'test-analysis-project-name',
'test-target-project-name',
'fake_incident_id',
'fake_zone',
42.0,
16,
remote_instance_name='my-owned-instance',
)
gcloud_collector.Process()
mock_Snapshot.assert_called_once()
mock_CreateDiskFromSnapshot.assert_called_with(
FAKE_SNAPSHOT, disk_name_prefix='incidentfake_incident_id')
mock_Delete.assert_called_once()
self.assertEqual(test_state.output[0][0], 'fake-analysis-vm')
self.assertEqual(test_state.output[0][1].name, 'disk1-copy')
mock_AddLabels.assert_has_calls(
[mock.call({'incident_id': 'fake_incident_id'})])
import six
from libcloudforensics import gcp
# For the forensics analysis
FAKE_ANALYSIS_PROJECT = gcp.GoogleCloudProject('fake-target-project',
'fake-zone')
FAKE_ANALYSIS_VM = gcp.GoogleComputeInstance(FAKE_ANALYSIS_PROJECT,
'fake-zone', 'fake-analysis-vm')
# Source project with the instance that needs forensicating
FAKE_SOURCE_PROJECT = gcp.GoogleCloudProject('fake-source-project',
'fake-zone')
FAKE_INSTANCE = gcp.GoogleComputeInstance(FAKE_SOURCE_PROJECT, 'fake-zone',
'fake-instance')
FAKE_DISK = gcp.GoogleComputeDisk(FAKE_SOURCE_PROJECT, 'fake-zone',
'fake-disk')
FAKE_BOOT_DISK = gcp.GoogleComputeDisk(FAKE_SOURCE_PROJECT, 'fake-zone',
'fake-boot-disk')
FAKE_SNAPSHOT = gcp.GoogleComputeSnapshot(FAKE_DISK, 'fake-snapshot')
FAKE_SNAPSHOT_LONG_NAME = gcp.GoogleComputeSnapshot(
FAKE_DISK,
'this-is-a-kind-of-long-fake-snapshot-name-and-is-definitely-over-63-chars'
)
FAKE_DISK_COPY = gcp.GoogleComputeDisk(FAKE_SOURCE_PROJECT, 'fake-zone',
'fake-disk-copy')
FAKE_LOGS = gcp.GoogleCloudLog('fake-target-project')
FAKE_LOG_LIST = [
'projects/fake-target-project/logs/GCEGuestAgent',
'projects/fake-target-project/logs/OSConfigAgent'
]
FAKE_LOG_ENTRIES = [{
def ReturnFakeDisk(disk_name):
"""Generate fake GoogleCloudComputeDisk objects depending on provided name."""
return gcp.GoogleComputeDisk(FAKE_PROJECT, 'fakezone', disk_name)
import unittest
import mock
from libcloudforensics import gcp
from dftimewolf import config
from dftimewolf.lib import state
from dftimewolf.lib.collectors import gcloud
FAKE_PROJECT = gcp.GoogleCloudProject('test-target-project-name', 'fake_zone')
FAKE_ANALYSIS_VM = gcp.GoogleComputeInstance(FAKE_PROJECT, 'fake_zone',
'fake-analysis-vm')
FAKE_INSTANCE = gcp.GoogleComputeInstance(FAKE_PROJECT, 'fake_zone',
'fake-instance')
FAKE_DISK = gcp.GoogleComputeDisk(FAKE_PROJECT, 'fake_zone', 'disk1')
FAKE_BOOT_DISK = gcp.GoogleComputeDisk(FAKE_PROJECT, 'fake_zone', 'bootdisk')
FAKE_SNAPSHOT = gcp.GoogleComputeSnapshot(FAKE_DISK, FAKE_PROJECT)
FAKE_DISK_COPY = gcp.GoogleComputeDisk(FAKE_PROJECT, 'fake_zone', 'disk1-copy')
def ReturnFakeDisk(disk_name):
"""Generate fake GoogleCloudComputeDisk objects depending on provided name."""
return gcp.GoogleComputeDisk(FAKE_PROJECT, 'fakezone', disk_name)
class GoogleCloudCollectorTest(unittest.TestCase):
"""Tests for the GCloud collector."""
def testInitialization(self):
"""Tests that the collector can be initialized."""
test_state = state.DFTimewolfState(config.Config)