def test_create_byte_match_set(self):
'''Test that when we create an bytematch set, we perform the expected client
calls.
'''
goal = self.create_goal('apply')
byte_match_set = self.aws.add_byte_match_set(name='my-byte-match-set')
apply = goal.get_service(byte_match_set, 'apply')
stub = Stubber(apply.client)
stub.add_response(
'get_change_token',
expected_params={},
service_response={'ChangeToken': 'mychangetoken1'},
)
stub.add_response(
'create_byte_match_set',
expected_params={
'ChangeToken': 'mychangetoken1',
'Name': 'my-byte-match-set',
},
service_response={
'ChangeToken': 'mychangetoken1'
},
)
action = apply.create_object()
with stub:
action.run()
def test_annotate_ip_set(self):
'''Test that when we annotate an ipset, we gain the expected data.'''
goal = self.create_goal('get')
ip_set = self.aws.add_ip_set(name='my-ip-set')
describe = goal.get_service(ip_set, 'describe')
stub = Stubber(describe.client)
stub.add_response(
'get_ip_set',
expected_params={'IPSetId': 'my-ip-set-id'},
service_response={'IPSet': {
'IPSetId': 'my-ip-set-id',
'IPSetDescriptors': [{'Type': 'IPV4', 'Value': '10.0.0.1/32'}]
}},
)
with stub:
obj = describe.annotate_object({
'IPSetId': 'my-ip-set-id',
})
assert obj == {
'IPSetId': 'my-ip-set-id',
'IPSetDescriptors': [{
'Type': 'IPV4',
'Value': '10.0.0.1/32',
}],
}
def test_create_web_acl(self):
'''Test that when we create a web_acl, we perform the expected client
calls.
'''
goal = self.create_goal('apply')
web_acl = self.aws.add_web_acl(name='my-web-acl', metric_name='mymetric', default_action='BLOCK')
apply = goal.get_service(web_acl, 'apply')
stub = Stubber(apply.client)
stub.add_response(
'get_change_token',
expected_params={},
service_response={'ChangeToken': 'mychangetoken1'},
)
stub.add_response(
'create_web_acl',
expected_params={
'ChangeToken': 'mychangetoken1',
'Name': 'my-web-acl',
'MetricName': 'mymetric',
'DefaultAction': {
'Type': 'BLOCK',
}
},
service_response={
'ChangeToken': 'mychangetoken1'
},
)
action = apply.create_object()
with stub:
action.run()
def test_create_rule(self):
'''Test that when we create a rule, we perform the expected client
calls.
'''
goal = self.create_goal('apply')
rule = self.aws.add_rule(name='myrule', metric_name='mymetric')
apply = goal.get_service(rule, 'apply')
stub = Stubber(apply.client)
stub.add_response(
'get_change_token',
expected_params={},
service_response={'ChangeToken': 'mychangetoken1'},
)
stub.add_response(
'create_rule',
expected_params={
'ChangeToken': 'mychangetoken1',
'Name': 'myrule',
'MetricName': 'mymetric'},
service_response={
'ChangeToken': 'mychangetoken1'
},
)
action = apply.create_object()
with stub:
action.run()
def test_annotate_rule(self):
'''Test that when we annotate a rule, we gain the expected data.'''
goal = self.create_goal('get')
rule = self.aws.add_rule(name='myrule')
describe = goal.get_service(rule, 'describe')
stub = Stubber(describe.client)
stub.add_response(
'get_rule',
expected_params={'RuleId': 'my-rule-id'},
service_response={'Rule': {
'RuleId': 'my-rule-id',
'Predicates': [{
'Negated': True,
'Type': 'test',
'DataId': 'dummy',
}],
}},
)
# When annotating this rule, we should get an object populated
# with the data from the predicates.
with stub:
obj = describe.annotate_object({
'RuleId': 'my-rule-id'
})
assert obj == {
'RuleId': 'my-rule-id',
'Predicates': [{
'Negated': True,
'Type': 'test',
'DataId': 'dummy',
}],
}
def test_update_web_acl_with_active_rules(self):
'''Test that when we update a web_acl to have a rule, we pass the
information to link the web_acl to the match.
'''
goal = self.create_goal('apply')
rule = self.aws.add_rule(
name='my-ip-set',
metric_name='my-metric-name')
apply = goal.get_service(rule, 'apply')
apply.object = {
'RuleId': 'my-rule-id',
}
web_acl = self.aws.add_web_acl(
name='my-web-acl',
metric_name='mymetric',
default_action='BLOCK',
activated_rules=[{
'action': 'ALLOW',
'priority': 10,
'rule': rule,
}],
)
apply = goal.get_service(web_acl, 'apply')
apply.object = {
'WebACLId': 'my-web-acl-id',
}
stub = Stubber(apply.client)
stub.add_response(
'get_change_token',
expected_params={},
service_response={'ChangeToken': 'mychangetoken1'},
)
stub.add_response(
'update_web_acl',
expected_params={
'ChangeToken': 'mychangetoken1',
'Updates': [{
'Action': 'INSERT',
'ActivatedRule': {
'RuleId': 'my-rule-id',
'Priority': 10,
'Action': {'Type': 'ALLOW'},
},
}],
'WebACLId': 'my-web-acl-id'},
service_response={
'ChangeToken': 'mychangetoken1'
},
)
with stub:
for action in apply.update_object():
action.run()
def test_update_byte_match_set_with_tuple(self):
'''Test that when we update a byte_match_set to have a tuple, we pass
the information to link the tuple to the byte match set.
'''
goal = self.create_goal('apply')
byte_match_set = self.aws.add_byte_match_set(
name='my-byte-match-set',
byte_matches=[{
'field': 'URI',
'transformation': 'LOWERCASE',
'position': 'STARTS_WITH',
'target': 'test_bad_string'}
],
)
apply = goal.get_service(byte_match_set, 'apply')
apply.object = {
'ByteMatchSetId': 'my-byte-match-set-id',
}
stub = Stubber(apply.client)
stub.add_response(
'get_change_token',
expected_params={},
service_response={'ChangeToken': 'mychangetoken1'},
)
stub.add_response(
'update_byte_match_set',
expected_params={
'ChangeToken': 'mychangetoken1',
'Updates': [{
'Action': 'INSERT',
'ByteMatchTuple': {
'FieldToMatch': {
'Type': 'URI',
},
'PositionalConstraint': 'STARTS_WITH',
'TargetString': 'test_bad_string',
'TextTransformation': 'LOWERCASE',
}
}],
'ByteMatchSetId': 'my-byte-match-set-id',
},
service_response={
'ChangeToken': 'mychangetoken1'
},
)
with stub:
for action in apply.update_object():
action.run()
def test_delete_byte_match_set(self):
'''Test that the plan for deleting an byte_match_set performs the right
actions.
'''
goal = self.create_goal('destroy')
byte_match_set = self.aws.add_byte_match_set(name='my-byte-match-set')
destroy = goal.get_service(byte_match_set, 'destroy')
destroy.object = {
'ByteMatchSetId': 'my-byte-match-set-id',
'ByteMatchTuples': [{
'FieldToMatch': {'Type': 'test_match_type'},
'TargetString': 'test_target',
'TextTransformation': 'test_transformation',
'PositionalConstraint': 'test_constraint',
}],
}
stub = Stubber(destroy.client)
stub.add_response(
'get_change_token',
expected_params={},
service_response={'ChangeToken': 'mychangetoken1'},
)
stub.add_response(
'update_byte_match_set',
expected_params={
'ChangeToken': 'mychangetoken1',
'Updates': [{
'Action': 'DELETE',
'ByteMatchTuple': {
'FieldToMatch': {'Type': 'test_match_type'},
'TargetString': 'test_target',
'TextTransformation': 'test_transformation',
'PositionalConstraint': 'test_constraint',
},
}],
'ByteMatchSetId': 'my-byte-match-set-id'},
service_response={'ChangeToken': 'mychangetoken1'}
)
stub.add_response(
'get_change_token',
expected_params={},
service_response={'ChangeToken': 'mychangetoken2'},
)
stub.add_response(
'delete_byte_match_set',
expected_params={
'ChangeToken': 'mychangetoken2',
'ByteMatchSetId': 'my-byte-match-set-id'},
service_response={'ChangeToken': 'mychangetoken2'},
)
actions = destroy.destroy_object()
with stub:
for action in actions:
action.run()
def test_update_rule_with_predicates(self):
'''Test that when we update a rule to have a predicate, we pass the
information to link the rule to the match.
'''
goal = self.create_goal('apply')
ip_set = self.aws.add_ip_set(
name='my-ip-set',
addresses=[])
apply = goal.get_service(ip_set, 'apply')
apply.object = {
'IPSetId': 'my-ip-set-id',
}
rule = self.aws.add_rule(
name='myrule',
metric_name='mymetric',
predicates=[
{'ip_set': ip_set}])
apply = goal.get_service(rule, 'apply')
apply.object = {
'RuleId': 'my-rule-id',
}
stub = Stubber(apply.client)
stub.add_response(
'get_change_token',
expected_params={},
service_response={'ChangeToken': 'mychangetoken1'},
)
stub.add_response(
'update_rule',
expected_params={
'ChangeToken': 'mychangetoken1',
'Updates': [{
'Action': 'INSERT',
'Predicate': {
'Negated': False,
'Type': 'IPMatch',
'DataId': 'my-ip-set-id'}}],
'RuleId': 'my-rule-id'},
service_response={
'ChangeToken': 'mychangetoken1'
},
)
with stub:
for action in apply.update_object():
action.run()
def test_delete_web_acl(self):
'''Test that the plan for deleting a web_acl has expected actions.'''
goal = self.create_goal('destroy')
web_acl = self.aws.add_web_acl(name='my-web-acl', metric_name='mymetric')
destroy = goal.get_service(web_acl, 'destroy')
destroy.object = {
'WebACLId': 'my-web-acl-id',
'Rules': [{
'Priority': 10,
'RuleId': 'my-rule-id',
'Action': {
'Type': 'BLOCK',
},
}],
}
stub = Stubber(destroy.client)
stub.add_response(
'get_change_token',
expected_params={},
service_response={'ChangeToken': 'mychangetoken1'},
)
stub.add_response(
'update_web_acl',
expected_params={
'ChangeToken': 'mychangetoken1',
'Updates': [{
'Action': 'DELETE',
'ActivatedRule': {
'Action': {'Type': 'BLOCK'},
'Priority': 10,
'RuleId': 'my-rule-id',
}
}],
'WebACLId': 'my-web-acl-id'},
service_response={'ChangeToken': 'mychangetoken1'}
)
stub.add_response(
'get_change_token',
expected_params={},
service_response={'ChangeToken': 'mychangetoken2'},
)
stub.add_response(
'delete_web_acl',
expected_params={
'ChangeToken': 'mychangetoken2',
'WebACLId': 'my-web-acl-id'},
service_response={'ChangeToken': 'mychangetoken2'},
)
actions = destroy.destroy_object()
with stub:
for action in actions:
action.run()
def test_delete_ip_set(self):
'''Test that the plan for deleting an ip_set performs the right
actions.
'''
goal = self.create_goal('destroy')
ip_set = self.aws.add_ip_set(name='my-ip-set')
destroy = goal.get_service(ip_set, 'destroy')
destroy.object = {
'IPSetId': 'my-ip-set-id',
'IPSetDescriptors': [{
'Type': 'IPV4',
'Value': '10.0.0.1/32',
}],
}
stub = Stubber(destroy.client)
stub.add_response(
'get_change_token',
expected_params={},
service_response={'ChangeToken': 'mychangetoken1'},
)
stub.add_response(
'update_ip_set',
expected_params={
'ChangeToken': 'mychangetoken1',
'Updates': [{
'Action': 'DELETE',
'IPSetDescriptor': {
'Type': 'IPV4',
'Value': '10.0.0.1/32'}
}],
'IPSetId': 'my-ip-set-id'},
service_response={'ChangeToken': 'mychangetoken1'}
)
stub.add_response(
'get_change_token',
expected_params={},
service_response={'ChangeToken': 'mychangetoken2'},
)
stub.add_response(
'delete_ip_set',
expected_params={
'ChangeToken': 'mychangetoken2',
'IPSetId': 'my-ip-set-id'},
service_response={'ChangeToken': 'mychangetoken2'},
)
actions = destroy.destroy_object()
with stub:
for action in actions:
action.run()
def test_annotate_web_acl(self):
'''Test that when we annotate a web acl, we gain the expected data.'''
goal = self.create_goal('get')
web_acl = self.aws.add_web_acl(name='my-web-acl')
describe = goal.get_service(web_acl, 'describe')
stub = Stubber(describe.client)
stub.add_response(
'get_web_acl',
expected_params={'WebACLId': 'my-web-acl-id'},
service_response={
'WebACL': {
'WebACLId': 'my-web-acl-id',
'DefaultAction': {
'Type': 'BLOCK',
},
'Rules': [{
'RuleId': 'my-rule-id',
'Priority': 10,
'Action': {
'Type': 'ALLOW',
},
}],
}
},
)
with stub:
obj = describe.annotate_object({
'WebACLId': 'my-web-acl-id'
})
assert obj == {
'WebACLId': 'my-web-acl-id',
'DefaultAction': {
'Type': 'BLOCK',
},
'Rules': [{
'RuleId': 'my-rule-id',
'Priority': 10,
'Action': {
'Type': 'ALLOW',
},
}],
}
def test_delete_rule(self):
'''Test that the plan for deleting a rule has expected actions.'''
goal = self.create_goal('destroy')
rule = self.aws.add_rule(name='myrule', metric_name='mymetric')
destroy = goal.get_service(rule, 'destroy')
destroy.object = {
'RuleId': 'my-rule-id',
'Predicates': [{
'Negated': True,
'Type': 'test',
'DataId': 'dummy',
}],
}
stub = Stubber(destroy.client)
stub.add_response(
'get_change_token',
expected_params={},
service_response={'ChangeToken': 'mychangetoken1'},
)
stub.add_response(
'update_rule',
expected_params={
'ChangeToken': 'mychangetoken1',
'Updates': [{
'Action': 'DELETE',
'Predicate': {
'Negated': True,
'Type': 'test',
'DataId': 'dummy'}}],
'RuleId': 'my-rule-id'},
service_response={'ChangeToken': 'mychangetoken1'}
)
stub.add_response(
'get_change_token',
expected_params={},
service_response={'ChangeToken': 'mychangetoken2'},
)
stub.add_response(
'delete_rule',
expected_params={
'ChangeToken': 'mychangetoken2',
'RuleId': 'my-rule-id'},
service_response={'ChangeToken': 'mychangetoken2'},
)
actions = destroy.destroy_object()
with stub:
for action in actions:
action.run()
def test_update_ip_set_with_descriptors(self):
'''Test that when we update a ip_set to have a descriptor, we pass the
information to link the ip set to the descriptor.
'''
goal = self.create_goal('apply')
ip_set = self.aws.add_ip_set(
name='my-ip-set',
addresses=[
'10.0.0.1/32'
],
)
apply = goal.get_service(ip_set, 'apply')
apply.object = {
'IPSetId': 'my-ip-set-id',
}
stub = Stubber(apply.client)
stub.add_response(
'get_change_token',
expected_params={},
service_response={'ChangeToken': 'mychangetoken1'},
)
stub.add_response(
'update_ip_set',
expected_params={
'ChangeToken': 'mychangetoken1',
'Updates': [{
'Action': 'INSERT',
'IPSetDescriptor': {
'Type': 'IPV4',
'Value': '10.0.0.1/32'}}],
'IPSetId': 'my-ip-set-id'},
service_response={
'ChangeToken': 'mychangetoken1'
},
)
with stub:
for action in apply.update_object():
action.run()
def test_annotate_byte_match(self):
'''Test that when we annotate an , we gain the expected data.'''
goal = self.create_goal('get')
# TODO: standardise naming - eg 'byte_match.py' vs
# 'ip_set.py'. Should both be _set.
byte_match_set = self.aws.add_byte_match_set(name='my-byte-match')
describe = goal.get_service(byte_match_set, 'describe')
stub = Stubber(describe.client)
stub.add_response(
'get_byte_match_set',
expected_params={'ByteMatchSetId': 'my-byte-match-set-id'},
service_response={'ByteMatchSet': {
'ByteMatchSetId': 'my-byte-match',
'ByteMatchTuples': [{
'FieldToMatch': {'Type': 'test_match_type'},
'TargetString': 'test_target',
'TextTransformation': 'test_transformation',
'PositionalConstraint': 'test_constraint',
}],
}},
)
with stub:
obj = describe.annotate_object({
'ByteMatchSetId': 'my-byte-match-set-id',
})
assert obj == {
'ByteMatchSetId': 'my-byte-match',
'ByteMatchTuples': [{
'FieldToMatch': {'Type': 'test_match_type'},
'TargetString': 'test_target',
'TextTransformation': 'test_transformation',
'PositionalConstraint': 'test_constraint'}],
}