def test_create_byte_match_set(self):
        '''Test that when we create an bytematch set, we perform the expected client
        calls.

        '''
        goal = self.create_goal('apply')
        byte_match_set = self.aws.add_byte_match_set(name='my-byte-match-set')
        apply = goal.get_service(byte_match_set, 'apply')

        stub = Stubber(apply.client)
        stub.add_response(
            'get_change_token',
            expected_params={},
            service_response={'ChangeToken': 'mychangetoken1'},
        )
        stub.add_response(
            'create_byte_match_set',
            expected_params={
                'ChangeToken': 'mychangetoken1',
                'Name': 'my-byte-match-set',
            },
            service_response={
                'ChangeToken': 'mychangetoken1'
            },
        )

        action = apply.create_object()
        with stub:
            action.run()
    def test_annotate_ip_set(self):
        '''Test that when we annotate an ipset, we gain the expected data.'''

        goal = self.create_goal('get')
        ip_set = self.aws.add_ip_set(name='my-ip-set')
        describe = goal.get_service(ip_set, 'describe')

        stub = Stubber(describe.client)
        stub.add_response(
            'get_ip_set',
            expected_params={'IPSetId': 'my-ip-set-id'},
            service_response={'IPSet': {
                'IPSetId': 'my-ip-set-id',
                'IPSetDescriptors': [{'Type': 'IPV4', 'Value': '10.0.0.1/32'}]
            }},
        )

        with stub:
            obj = describe.annotate_object({
                'IPSetId': 'my-ip-set-id',
            })

        assert obj == {
            'IPSetId': 'my-ip-set-id',
            'IPSetDescriptors': [{
                'Type': 'IPV4',
                'Value': '10.0.0.1/32',
            }],
        }
    def test_create_web_acl(self):
        '''Test that when we create a web_acl, we perform the expected client
        calls.

        '''
        goal = self.create_goal('apply')
        web_acl = self.aws.add_web_acl(name='my-web-acl', metric_name='mymetric', default_action='BLOCK')
        apply = goal.get_service(web_acl, 'apply')

        stub = Stubber(apply.client)
        stub.add_response(
            'get_change_token',
            expected_params={},
            service_response={'ChangeToken': 'mychangetoken1'},
        )
        stub.add_response(
            'create_web_acl',
            expected_params={
                'ChangeToken': 'mychangetoken1',
                'Name': 'my-web-acl',
                'MetricName': 'mymetric',
                'DefaultAction': {
                    'Type': 'BLOCK',
                }
            },
            service_response={
                'ChangeToken': 'mychangetoken1'
            },
        )

        action = apply.create_object()
        with stub:
            action.run()
Exemple #4
0
    def test_create_rule(self):
        '''Test that when we create a rule, we perform the expected client
        calls.

        '''
        goal = self.create_goal('apply')
        rule = self.aws.add_rule(name='myrule', metric_name='mymetric')
        apply = goal.get_service(rule, 'apply')

        stub = Stubber(apply.client)
        stub.add_response(
            'get_change_token',
            expected_params={},
            service_response={'ChangeToken': 'mychangetoken1'},
        )
        stub.add_response(
            'create_rule',
            expected_params={
                'ChangeToken': 'mychangetoken1',
                'Name': 'myrule',
                'MetricName': 'mymetric'},
            service_response={
                'ChangeToken': 'mychangetoken1'
            },
        )

        action = apply.create_object()
        with stub:
            action.run()
Exemple #5
0
    def test_annotate_rule(self):
        '''Test that when we annotate a rule, we gain the expected data.'''
        goal = self.create_goal('get')
        rule = self.aws.add_rule(name='myrule')
        describe = goal.get_service(rule, 'describe')

        stub = Stubber(describe.client)
        stub.add_response(
            'get_rule',
            expected_params={'RuleId': 'my-rule-id'},
            service_response={'Rule': {
                'RuleId': 'my-rule-id',
                'Predicates': [{
                    'Negated': True,
                    'Type': 'test',
                    'DataId': 'dummy',
                }],
            }},
        )

        # When annotating this rule, we should get an object populated
        # with the data from the predicates.
        with stub:
            obj = describe.annotate_object({
                'RuleId': 'my-rule-id'
            })

        assert obj == {
            'RuleId': 'my-rule-id',
            'Predicates': [{
                'Negated': True,
                'Type': 'test',
                'DataId': 'dummy',
            }],
        }
    def test_update_web_acl_with_active_rules(self):
        '''Test that when we update a web_acl to have a rule, we pass the
        information to link the web_acl to the match.

        '''
        goal = self.create_goal('apply')

        rule = self.aws.add_rule(
            name='my-ip-set',
            metric_name='my-metric-name')
        apply = goal.get_service(rule, 'apply')
        apply.object = {
            'RuleId': 'my-rule-id',
        }

        web_acl = self.aws.add_web_acl(
            name='my-web-acl',
            metric_name='mymetric',
            default_action='BLOCK',
            activated_rules=[{
                'action': 'ALLOW',
                'priority': 10,
                'rule': rule,
            }],
        )

        apply = goal.get_service(web_acl, 'apply')
        apply.object = {
            'WebACLId': 'my-web-acl-id',
        }

        stub = Stubber(apply.client)
        stub.add_response(
            'get_change_token',
            expected_params={},
            service_response={'ChangeToken': 'mychangetoken1'},
        )
        stub.add_response(
            'update_web_acl',
            expected_params={
                'ChangeToken': 'mychangetoken1',
                'Updates': [{
                    'Action': 'INSERT',
                    'ActivatedRule': {
                        'RuleId': 'my-rule-id',
                        'Priority': 10,
                        'Action': {'Type': 'ALLOW'},
                    },
                }],
                'WebACLId': 'my-web-acl-id'},
            service_response={
                'ChangeToken': 'mychangetoken1'
            },
        )

        with stub:
            for action in apply.update_object():
                action.run()
    def test_update_byte_match_set_with_tuple(self):
        '''Test that when we update a byte_match_set to have a tuple, we pass
        the information to link the tuple to the byte match set.

        '''
        goal = self.create_goal('apply')

        byte_match_set = self.aws.add_byte_match_set(
            name='my-byte-match-set',
            byte_matches=[{
                'field': 'URI',
                'transformation': 'LOWERCASE',
                'position': 'STARTS_WITH',
                'target': 'test_bad_string'}
            ],
        )

        apply = goal.get_service(byte_match_set, 'apply')
        apply.object = {
            'ByteMatchSetId': 'my-byte-match-set-id',
        }

        stub = Stubber(apply.client)
        stub.add_response(
            'get_change_token',
            expected_params={},
            service_response={'ChangeToken': 'mychangetoken1'},
        )
        stub.add_response(
            'update_byte_match_set',
            expected_params={
                'ChangeToken': 'mychangetoken1',
                'Updates': [{
                    'Action': 'INSERT',
                    'ByteMatchTuple': {
                        'FieldToMatch': {
                            'Type': 'URI',
                        },
                        'PositionalConstraint': 'STARTS_WITH',
                        'TargetString': 'test_bad_string',
                        'TextTransformation': 'LOWERCASE',
                    }
                }],
                'ByteMatchSetId': 'my-byte-match-set-id',
            },
            service_response={
                'ChangeToken': 'mychangetoken1'
            },
        )

        with stub:
            for action in apply.update_object():
                action.run()
    def test_delete_byte_match_set(self):
        '''Test that the plan for deleting an byte_match_set performs the right
        actions.

        '''
        goal = self.create_goal('destroy')
        byte_match_set = self.aws.add_byte_match_set(name='my-byte-match-set')
        destroy = goal.get_service(byte_match_set, 'destroy')
        destroy.object = {
            'ByteMatchSetId': 'my-byte-match-set-id',
            'ByteMatchTuples': [{
                'FieldToMatch': {'Type': 'test_match_type'},
                'TargetString': 'test_target',
                'TextTransformation': 'test_transformation',
                'PositionalConstraint': 'test_constraint',
            }],
        }

        stub = Stubber(destroy.client)
        stub.add_response(
            'get_change_token',
            expected_params={},
            service_response={'ChangeToken': 'mychangetoken1'},
        )
        stub.add_response(
            'update_byte_match_set',
            expected_params={
                'ChangeToken': 'mychangetoken1',
                'Updates': [{
                    'Action': 'DELETE',
                    'ByteMatchTuple': {
                        'FieldToMatch': {'Type': 'test_match_type'},
                        'TargetString': 'test_target',
                        'TextTransformation': 'test_transformation',
                        'PositionalConstraint': 'test_constraint',
                    },
                }],
                'ByteMatchSetId': 'my-byte-match-set-id'},
            service_response={'ChangeToken': 'mychangetoken1'}
        )
        stub.add_response(
            'get_change_token',
            expected_params={},
            service_response={'ChangeToken': 'mychangetoken2'},
        )
        stub.add_response(
            'delete_byte_match_set',
            expected_params={
                'ChangeToken': 'mychangetoken2',
                'ByteMatchSetId': 'my-byte-match-set-id'},
            service_response={'ChangeToken': 'mychangetoken2'},
        )
        actions = destroy.destroy_object()

        with stub:
            for action in actions:
                action.run()
Exemple #9
0
    def test_update_rule_with_predicates(self):
        '''Test that when we update a rule to have a predicate, we pass the
        information to link the rule to the match.

        '''
        goal = self.create_goal('apply')

        ip_set = self.aws.add_ip_set(
            name='my-ip-set',
            addresses=[])
        apply = goal.get_service(ip_set, 'apply')
        apply.object = {
            'IPSetId': 'my-ip-set-id',
        }

        rule = self.aws.add_rule(
            name='myrule',
            metric_name='mymetric',
            predicates=[
                {'ip_set': ip_set}])

        apply = goal.get_service(rule, 'apply')
        apply.object = {
            'RuleId': 'my-rule-id',
        }

        stub = Stubber(apply.client)
        stub.add_response(
            'get_change_token',
            expected_params={},
            service_response={'ChangeToken': 'mychangetoken1'},
        )
        stub.add_response(
            'update_rule',
            expected_params={
                'ChangeToken': 'mychangetoken1',
                'Updates': [{
                    'Action': 'INSERT',
                    'Predicate': {
                        'Negated': False,
                        'Type': 'IPMatch',
                        'DataId': 'my-ip-set-id'}}],
                'RuleId': 'my-rule-id'},
            service_response={
                'ChangeToken': 'mychangetoken1'
            },
        )

        with stub:
            for action in apply.update_object():
                action.run()
    def test_delete_web_acl(self):
        '''Test that the plan for deleting a web_acl has expected actions.'''
        goal = self.create_goal('destroy')
        web_acl = self.aws.add_web_acl(name='my-web-acl', metric_name='mymetric')
        destroy = goal.get_service(web_acl, 'destroy')
        destroy.object = {
            'WebACLId': 'my-web-acl-id',
            'Rules': [{
                'Priority': 10,
                'RuleId': 'my-rule-id',
                'Action': {
                    'Type': 'BLOCK',
                },
            }],
        }

        stub = Stubber(destroy.client)
        stub.add_response(
            'get_change_token',
            expected_params={},
            service_response={'ChangeToken': 'mychangetoken1'},
        )
        stub.add_response(
            'update_web_acl',
            expected_params={
                'ChangeToken': 'mychangetoken1',
                'Updates': [{
                    'Action': 'DELETE',
                    'ActivatedRule': {
                        'Action': {'Type': 'BLOCK'},
                        'Priority': 10,
                        'RuleId': 'my-rule-id',
                    }
                }],
                'WebACLId': 'my-web-acl-id'},
            service_response={'ChangeToken': 'mychangetoken1'}
        )
        stub.add_response(
            'get_change_token',
            expected_params={},
            service_response={'ChangeToken': 'mychangetoken2'},
        )
        stub.add_response(
            'delete_web_acl',
            expected_params={
                'ChangeToken': 'mychangetoken2',
                'WebACLId': 'my-web-acl-id'},
            service_response={'ChangeToken': 'mychangetoken2'},
        )
        actions = destroy.destroy_object()

        with stub:
            for action in actions:
                action.run()
    def test_delete_ip_set(self):
        '''Test that the plan for deleting an ip_set performs the right
        actions.

        '''
        goal = self.create_goal('destroy')
        ip_set = self.aws.add_ip_set(name='my-ip-set')
        destroy = goal.get_service(ip_set, 'destroy')
        destroy.object = {
            'IPSetId': 'my-ip-set-id',
            'IPSetDescriptors': [{
                'Type': 'IPV4',
                'Value': '10.0.0.1/32',
            }],
        }

        stub = Stubber(destroy.client)
        stub.add_response(
            'get_change_token',
            expected_params={},
            service_response={'ChangeToken': 'mychangetoken1'},
        )
        stub.add_response(
            'update_ip_set',
            expected_params={
                'ChangeToken': 'mychangetoken1',
                'Updates': [{
                    'Action': 'DELETE',
                    'IPSetDescriptor': {
                        'Type': 'IPV4',
                        'Value': '10.0.0.1/32'}
                }],
                'IPSetId': 'my-ip-set-id'},
            service_response={'ChangeToken': 'mychangetoken1'}
        )
        stub.add_response(
            'get_change_token',
            expected_params={},
            service_response={'ChangeToken': 'mychangetoken2'},
        )
        stub.add_response(
            'delete_ip_set',
            expected_params={
                'ChangeToken': 'mychangetoken2',
                'IPSetId': 'my-ip-set-id'},
            service_response={'ChangeToken': 'mychangetoken2'},
        )
        actions = destroy.destroy_object()

        with stub:
            for action in actions:
                action.run()
    def test_annotate_web_acl(self):
        '''Test that when we annotate a web acl, we gain the expected data.'''
        goal = self.create_goal('get')
        web_acl = self.aws.add_web_acl(name='my-web-acl')
        describe = goal.get_service(web_acl, 'describe')

        stub = Stubber(describe.client)
        stub.add_response(
            'get_web_acl',
            expected_params={'WebACLId': 'my-web-acl-id'},
            service_response={
                'WebACL': {
                    'WebACLId': 'my-web-acl-id',
                    'DefaultAction': {
                        'Type': 'BLOCK',
                    },
                    'Rules': [{
                        'RuleId': 'my-rule-id',
                        'Priority': 10,
                        'Action': {
                            'Type': 'ALLOW',
                        },
                    }],
                }
            },
        )

        with stub:
            obj = describe.annotate_object({
                'WebACLId': 'my-web-acl-id'
            })

        assert obj == {
            'WebACLId': 'my-web-acl-id',
            'DefaultAction': {
                'Type': 'BLOCK',
            },
            'Rules': [{
                'RuleId': 'my-rule-id',
                'Priority': 10,
                'Action': {
                    'Type': 'ALLOW',
                },
            }],
        }
Exemple #13
0
    def test_delete_rule(self):
        '''Test that the plan for deleting a rule has expected actions.'''
        goal = self.create_goal('destroy')
        rule = self.aws.add_rule(name='myrule', metric_name='mymetric')
        destroy = goal.get_service(rule, 'destroy')
        destroy.object = {
            'RuleId': 'my-rule-id',
            'Predicates': [{
                'Negated': True,
                'Type': 'test',
                'DataId': 'dummy',
            }],
        }

        stub = Stubber(destroy.client)
        stub.add_response(
            'get_change_token',
            expected_params={},
            service_response={'ChangeToken': 'mychangetoken1'},
        )
        stub.add_response(
            'update_rule',
            expected_params={
                'ChangeToken': 'mychangetoken1',
                'Updates': [{
                    'Action': 'DELETE',
                    'Predicate': {
                        'Negated': True,
                        'Type': 'test',
                        'DataId': 'dummy'}}],
                'RuleId': 'my-rule-id'},
            service_response={'ChangeToken': 'mychangetoken1'}
        )
        stub.add_response(
            'get_change_token',
            expected_params={},
            service_response={'ChangeToken': 'mychangetoken2'},
        )
        stub.add_response(
            'delete_rule',
            expected_params={
                'ChangeToken': 'mychangetoken2',
                'RuleId': 'my-rule-id'},
            service_response={'ChangeToken': 'mychangetoken2'},
        )
        actions = destroy.destroy_object()

        with stub:
            for action in actions:
                action.run()
    def test_update_ip_set_with_descriptors(self):
        '''Test that when we update a ip_set to have a descriptor, we pass the
        information to link the ip set to the descriptor.

        '''
        goal = self.create_goal('apply')

        ip_set = self.aws.add_ip_set(
            name='my-ip-set',
            addresses=[
                '10.0.0.1/32'
            ],
        )

        apply = goal.get_service(ip_set, 'apply')
        apply.object = {
            'IPSetId': 'my-ip-set-id',
        }

        stub = Stubber(apply.client)
        stub.add_response(
            'get_change_token',
            expected_params={},
            service_response={'ChangeToken': 'mychangetoken1'},
        )
        stub.add_response(
            'update_ip_set',
            expected_params={
                'ChangeToken': 'mychangetoken1',
                'Updates': [{
                    'Action': 'INSERT',
                    'IPSetDescriptor': {
                        'Type': 'IPV4',
                        'Value': '10.0.0.1/32'}}],
                'IPSetId': 'my-ip-set-id'},
            service_response={
                'ChangeToken': 'mychangetoken1'
            },
        )

        with stub:
            for action in apply.update_object():
                action.run()
    def test_annotate_byte_match(self):
        '''Test that when we annotate an , we gain the expected data.'''

        goal = self.create_goal('get')
        # TODO: standardise naming - eg 'byte_match.py' vs
        # 'ip_set.py'. Should both be _set.
        byte_match_set = self.aws.add_byte_match_set(name='my-byte-match')
        describe = goal.get_service(byte_match_set, 'describe')

        stub = Stubber(describe.client)
        stub.add_response(
            'get_byte_match_set',
            expected_params={'ByteMatchSetId': 'my-byte-match-set-id'},
            service_response={'ByteMatchSet': {
                'ByteMatchSetId': 'my-byte-match',
                'ByteMatchTuples': [{
                    'FieldToMatch': {'Type': 'test_match_type'},
                    'TargetString': 'test_target',
                    'TextTransformation': 'test_transformation',
                    'PositionalConstraint': 'test_constraint',
                }],
            }},
        )

        with stub:
            obj = describe.annotate_object({
                'ByteMatchSetId': 'my-byte-match-set-id',
            })

        assert obj == {
            'ByteMatchSetId': 'my-byte-match',
            'ByteMatchTuples': [{
                'FieldToMatch': {'Type': 'test_match_type'},
                'TargetString': 'test_target',
                'TextTransformation': 'test_transformation',
                'PositionalConstraint': 'test_constraint'}],
        }