def test_org_cache(): org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE) org_id, root_id = build_mock_org(SIMPLE_ORG_SPEC) org._load_client() org._load_org() org._load_accounts() org._load_org_units() org._save_cached_org_to_file() assert os.path.exists(org._cache_file) os.remove(org._cache_file) with pytest.raises(RuntimeError) as e: loaded_dump = org._get_cached_org_from_file() assert str(e.value) == 'Cache file not found' org._save_cached_org_to_file() timestamp = os.path.getmtime(org._cache_file) - 3600 os.utime(org._cache_file, (timestamp, timestamp)) with pytest.raises(RuntimeError) as e: loaded_dump = org._get_cached_org_from_file() assert str(e.value) == 'Cache file too old' org._save_cached_org_to_file() org_dump = org.dump() loaded_dump = org._get_cached_org_from_file() assert loaded_dump == org_dump org_from_cache = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE) org_from_cache._load_org_dump(loaded_dump) assert org.dump() == org_from_cache.dump()
def test_load_org(): org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE) client = org._get_org_client() client.create_organization(FeatureSet='ALL') org._load_client() org._load_org() assert org.id is not None assert org.root_id is not None
def build_mock_org(spec): org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE) client = org._get_org_client() client.create_organization(FeatureSet='ALL') org_id = client.describe_organization()['Organization']['Id'] root_id = client.list_roots()['Roots'][0]['Id'] mock_org_from_spec(client, root_id, root_id, yaml.load(spec)['root']) return (org_id, root_id)
def test_load(): org_id, root_id = build_mock_org(SIMPLE_ORG_SPEC) org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE) clean_up() assert not os.path.exists(org._cache_dir) assert not os.path.exists(org._cache_file) org.load() print(org._cache_file) assert os.path.exists(org._cache_file) assert org.id == org_id assert org.root_id == root_id assert len(org.accounts) == 3 assert len(org.org_units) == 6 org_from_cache = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE) org_from_cache.load() assert org.dump() == org_from_cache.dump() clean_up()
def test_jsonfmt(): account = orgs.OrgAccount( orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE), name='account01', id='112233445566', email='*****@*****.**', ) output = orgquery.jsonfmt(account) assert isinstance(output, str)
def test_load_accounts(): org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE) org_id, root_id = build_mock_org(SIMPLE_ORG_SPEC) org._load_client() org._load_org() org._load_accounts() assert len(org.accounts) == 3 assert isinstance(org.accounts[0], orgs.OrgAccount) assert org.accounts[0].parent_id == org.root_id
def test_load_org_units(): org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE) org_id, root_id = build_mock_org(SIMPLE_ORG_SPEC) org._load_client() org._load_org() org._load_org_units() assert len(org.org_units) == 6 for ou in org.org_units: assert isinstance(ou, orgs.OrganizationalUnit)
def test_get_org_unit_id(): org_id, root_id = build_mock_org(SIMPLE_ORG_SPEC) org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE) org.load() ou = org.org_units[0] assert ou.id == org.get_org_unit_id(ou) assert ou.id == org.get_org_unit_id(ou.id) assert ou.id == org.get_org_unit_id(ou.name) clean_up()
def test_load_account_credentials(): org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE) org_id, root_id = build_mock_org(COMPLEX_ORG_SPEC) org.load() crawler = crawlers.Crawler(org) crawler.load_account_credentials() assert isinstance(crawler.accounts, list) assert len(crawler.accounts) == len(org.accounts) for account in crawler.accounts: assert isinstance(account.credentials, dict)
def test_get_account_id_by_name(): org_id, root_id = build_mock_org(SIMPLE_ORG_SPEC) org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE) org.load() account_id = org.get_account_id_by_name('account01') accounts_by_boto_client = org._client.list_accounts()['Accounts'] assert account_id == next( (a['Id'] for a in accounts_by_boto_client if a['Name'] == 'account01'), None) clean_up()
def test_get_account(): org_id, root_id = build_mock_org(SIMPLE_ORG_SPEC) org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE) org.load() account = org.get_account('account01') assert isinstance(account, orgs.OrgAccount) assert org.get_account(account) == account assert account.name == 'account01' assert account.id == org.get_account_id_by_name('account01') clean_up()
def test_crawler_response_init(): org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE) org_id, root_id = build_mock_org(SIMPLE_ORG_SPEC) org.load() response = crawlers.CrawlerResponse('us-east-1', org.accounts[0]) assert response.region == 'us-east-1' assert isinstance(response.account, orgs.OrgAccount) assert response.payload_output is None assert isinstance(response.timer, crawlers.CrawlerTimer) assert isinstance(response.dump(), dict)
def test_crawler_execution_init(): org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE) org_id, root_id = build_mock_org(SIMPLE_ORG_SPEC) org.load() execution = crawlers.CrawlerExecution(get_account_alias) assert isfunction(execution.payload) assert execution.name == 'get_account_alias' assert execution.responses == [] assert isinstance(execution.timer, crawlers.CrawlerTimer) assert isinstance(execution.dump(), dict)
def test_list_org_units_in_ou_recursive(): org_id, root_id = build_mock_org(COMPLEX_ORG_SPEC) org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE) org.load() response = org.list_org_units_in_ou_recursive(root_id) assert len(response) == 6 for ou in response: assert isinstance(ou, orgs.OrganizationalUnit) assert ou.id.startswith('ou-') response = org.list_org_units_in_ou_recursive('ou02') assert len(response) == 2 clean_up()
def test_get_or_update_regions(): org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE) org_id, root_id = build_mock_org(COMPLEX_ORG_SPEC) org.load() crawler = crawlers.Crawler(org) assert crawler.get_regions() == ALL_REGIONS crawler.update_regions('GLOBAL') assert crawler.get_regions() == [crawlers.DEFAULT_REGION] crawler.update_regions(utils.regions_for_service('iam')) assert crawler.get_regions() == [crawlers.DEFAULT_REGION] crawler.update_regions(ALL_REGIONS) assert crawler.get_regions() == ALL_REGIONS crawler.update_regions(utils.regions_for_service('cloud9')) assert crawler.get_regions() == utils.regions_for_service('cloud9')
def test_yamlfmt(): output = utils.yamlfmt(SIMPLE_ORG_SPEC) assert isinstance(output, str) dt = datetime.datetime.utcnow() output = utils.yamlfmt(dt) assert isinstance(output, str) account = orgs.OrgAccount( orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE), name='account01', id='112233445566', email='*****@*****.**', ) output = utils.yamlfmt(account) assert isinstance(output, str)
def setup_crawler(org_access_role, account_access_role=None, accounts=None, regions=None): """ Returns a fully loaded organizer.crawlers.Crawler object """ master_account_id = get_master_account_id(org_access_role) my_org = orgs.Org(master_account_id, org_access_role) my_org.load() my_crawler = crawlers.Crawler( my_org, access_role=account_access_role, accounts=accounts, regions=regions, ) my_crawler.load_account_credentials() return my_crawler
def test_list_org_units_by_name_or_id(): org_id, root_id = build_mock_org(SIMPLE_ORG_SPEC) org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE) org.load() response = org.list_org_units_by_name() assert isinstance(response, list) assert len(response) == 6 for ou_name in response: assert ou_name.startswith('ou0') response = org.list_org_units_by_id() assert isinstance(response, list) assert len(response) == 6 for ou_id in response: assert ou_id.startswith('ou-') clean_up()
def test_list_accounts_by_name_or_id(): org_id, root_id = build_mock_org(SIMPLE_ORG_SPEC) org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE) org.load() mock_account_names = yaml.load(SIMPLE_ORG_SPEC)['root'][0]['accounts'] response = org.list_accounts_by_name() assert isinstance(response, list) assert len(response) == 3 assert sorted(response) == mock_account_names response = org.list_accounts_by_id() assert isinstance(response, list) assert len(response) == 3 for account_id in response: assert re.compile(r'[0-9]{12}').match(account_id) clean_up()
def test_list_accounts_in_ou_recursive(): org_id, root_id = build_mock_org(COMPLEX_ORG_SPEC) org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE) org.load() response = org.list_accounts_in_ou_recursive(root_id) assert len(response) == 13 for account in response: assert isinstance(account, orgs.OrgAccount) assert account.name.startswith('account') assert re.compile(r'[0-9]{12}').match(account.id) response = org.list_accounts_in_ou_recursive('ou02') assert len(response) == 5 response = org.list_accounts_in_ou_recursive('ou02-1') assert len(response) == 1 clean_up()
def test_dump_org_units(): org_id, root_id = build_mock_org(SIMPLE_ORG_SPEC) org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE) org.load() response = org.dump_org_units() assert isinstance(response, list) assert len(response) == 6 for ou in response: assert isinstance(ou, dict) assert ou['master_account_id'] == MASTER_ACCOUNT_ID assert ou['organization_id'] == org_id assert ou['name'].startswith('ou0') assert ou['id'].startswith('ou-') assert (ou['parent_id'] == root_id or ou['parent_id'].startswith(root_id.replace('r-', 'ou-'))) clean_up()
def main(command, argument, role, format): """ Arguments: \b COMMAND An organization query command to run ARGUMENT A command argument to supply if needed Available Query Commands: \b dump dump_accounts dump_org_units list_accounts_by_name list_accounts_by_id list_org_units_by_name list_org_units_by_id get_account ACCOUNT_IDENTIFIER get_account_id_by_name ACCOUNT_NAME get_account_name_by_id ACCOUNT_ID get_org_unit_id OU_IDENTIFIER list_accounts_in_ou OU_IDENTIFIER list_accounts_in_ou_recursive OU_IDENTIFIER list_org_units_in_ou OU_IDENTIFIER list_org_units_in_ou_recursive OU_IDENTIFIER Examples: \b orgquery -r OrgMasterRole list_accounts_by_name orgquery -r OrgMasterRole -f json get_account_id_by_name webapps """ if format == 'json': formatter = jsonfmt elif format == 'yaml': formatter = utils.yamlfmt master_account_id = utils.get_master_account_id(role) org = orgs.Org(master_account_id, role) org.load() cmd = eval('org.' + command) if argument: print(formatter(cmd(argument))) else: print(formatter(cmd()))
def test_org_dump(): org_id, root_id = build_mock_org(COMPLEX_ORG_SPEC) org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE) org.load() crawler = crawlers.Crawler(org) crawler.load_account_credentials() dump = org.dump() assert isinstance(dump, dict) assert dump['id'] assert dump['id'].startswith('o-') assert dump['master_account_id'] == MASTER_ACCOUNT_ID assert dump['root_id'].startswith('r-') assert dump['accounts'] == org.dump_accounts() assert dump['org_units'] == org.dump_org_units() json_dump = org.dump_json() assert isinstance(json_dump, str) assert json.loads(json_dump) == dump clean_up()
def test_dump_accounts(): org_id, root_id = build_mock_org(SIMPLE_ORG_SPEC) org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE) org.load() response = org.dump_accounts() assert isinstance(response, list) assert len(response) == 3 mock_account_names = yaml.load(SIMPLE_ORG_SPEC)['root'][0]['accounts'] for account in response: assert account['master_account_id'] == MASTER_ACCOUNT_ID assert account['organization_id'] == org_id assert account['name'] in mock_account_names assert re.compile(r'[0-9]{12}').match(account['id']) assert account['parent_id'] == root_id assert account['email'] == account['name'] + '@example.com' assert len(account['aliases']) == 0 assert len(account['credentials']) == 0 clean_up()
def test_list_org_units_in_ou(): org_id, root_id = build_mock_org(COMPLEX_ORG_SPEC) org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE) org.load() response = org.list_org_units_in_ou(root_id) ou_by_boto_client = org._client.list_organizational_units_for_parent( ParentId=root_id)['OrganizationalUnits'] for org_unit in response: assert org_unit.id == next( (ou['Id'] for ou in ou_by_boto_client if ou['Name'] == org_unit.name), None) response = org.list_org_units_in_ou('ou02') ou_by_boto_client = org._client.list_organizational_units_for_parent( ParentId=org.get_org_unit_id('ou02'))['OrganizationalUnits'] for org_unit in response: assert org_unit.id == next( (ou['Id'] for ou in ou_by_boto_client if ou['Name'] == org_unit.name), None) clean_up()
def test_list_accounts_in_ou(): org_id, root_id = build_mock_org(COMPLEX_ORG_SPEC) org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE) org.load() response = org.list_accounts_in_ou(root_id) accounts_by_boto_client = org._client.list_accounts_for_parent( ParentId=root_id)['Accounts'] for account in response: assert account.id == next( (a['Id'] for a in accounts_by_boto_client if a['Name'] == account.name), None) response = org.list_accounts_in_ou('ou02') accounts_by_boto_client = org._client.list_accounts_for_parent( ParentId=org.get_org_unit_id('ou02'))['Accounts'] for account in response: assert account.id == next( (a['Id'] for a in accounts_by_boto_client if a['Name'] == account.name), None) clean_up()
def test_org_objects(): org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE) client = org._get_org_client() client.create_organization(FeatureSet='ALL') org._load_client() org._load_org() org_object = orgs.OrgObject(org, name='generic') assert isinstance(org_object, orgs.OrgObject) assert org_object.organization_id == org.id assert org_object.master_account_id == org.master_account_id assert org_object.name == 'generic' account = orgs.OrgAccount( org, name='account01', id='112233445566', parent_id=org.root_id, email='*****@*****.**', ) assert isinstance(account, orgs.OrgAccount) assert account.organization_id == org.id assert account.master_account_id == org.master_account_id assert account.name == 'account01' assert account.id == '112233445566' assert account.parent_id == org.root_id assert account.email == '*****@*****.**' ou = orgs.OrganizationalUnit( org, name='production', id='o-jfk0', parent_id=org.root_id, ) assert isinstance(ou, orgs.OrganizationalUnit) assert ou.organization_id == org.id assert ou.master_account_id == org.master_account_id assert ou.name == 'production' assert ou.id == 'o-jfk0' assert ou.parent_id == org.root_id
def test_execute(): org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE) org_id, root_id = build_mock_org(COMPLEX_ORG_SPEC) org.load() crawler = crawlers.Crawler(org) crawler.load_account_credentials() execution1= crawler.execute(set_account_alias) execution2 = crawler.execute(get_account_alias) assert len(crawler.executions) == 2 assert execution1 == crawler.executions[0] assert execution2 == crawler.executions[1] for execution in crawler.executions: assert isinstance(execution, crawlers.CrawlerExecution) assert len(execution.responses) == len(crawler.accounts) * len(crawler.regions) for response in execution.responses: assert isinstance(response, crawlers.CrawlerResponse) assert crawler.executions[0].name == 'set_account_alias' assert crawler.executions[1].name == 'get_account_alias' for response in crawler.executions[0].responses: assert response.payload_output is None for response in crawler.executions[1].responses: assert isinstance(response.payload_output, list) assert response.payload_output[0].startswith('alias-account') crawler.update_regions(ALL_REGIONS) execution3 = crawler.execute(create_mock_bucket, 'mockbucket') assert len(crawler.executions) == 3 assert len(execution3.responses) == len(crawler.accounts) * len(crawler.regions) for response in execution3.responses: assert response.payload_output['ResponseMetadata']['HTTPStatusCode'] == 200 assert crawler.get_execution('set_account_alias') == crawler.executions[0] assert crawler.get_execution('get_account_alias') == crawler.executions[1] assert crawler.get_execution('create_mock_bucket') == crawler.executions[2] with pytest.raises(SystemExit): bad_execution = crawler.execute(bad_payload_func)
def test__get_org_client(): org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE) client = org._get_org_client() assert str(type(client)).find('botocore.client.Organizations') > 0
def test_load_client(): org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE) org._load_client() assert str(type(org._client)).find('botocore.client.Organizations') > 0