def create(self, validated_data):
"""Create an AwsAccount."""
arn = validated_data['account_arn']
aws_account_id = aws.extract_account_id_from_arn(arn)
account = AwsAccount(account_arn=arn, aws_account_id=aws_account_id)
session = aws.get_session(arn)
if aws.verify_account_access(session):
instances_data = aws.get_running_instances(session)
with transaction.atomic():
account.save()
create_initial_aws_instance_events(account, instances_data)
else:
raise serializers.ValidationError(
_('AwsAccount verification failed. ARN Info Not Stored'))
return account
def test_get_session(self):
"""Assert get_session returns session object."""
mock_arn = helper.generate_dummy_arn()
mock_account_id = extract_account_id_from_arn(mock_arn)
mock_role = helper.generate_dummy_role()
with patch.object(aws.boto3, 'client') as mock_client:
mock_assume_role = mock_client.return_value.assume_role
mock_assume_role.return_value = mock_role
session = aws.get_session(mock_arn)
creds = session.get_credentials().get_frozen_credentials()
mock_client.assert_called_with('sts')
mock_assume_role.assert_called_with(
Policy=json.dumps(aws.cloudigrade_policy),
RoleArn=mock_arn,
RoleSessionName=f'cloudigrade-{mock_account_id}')
self.assertEqual(creds[0], mock_role['Credentials']['AccessKeyId'])
self.assertEqual(creds[1], mock_role['Credentials']['SecretAccessKey'])
self.assertEqual(creds[2], mock_role['Credentials']['SessionToken'])
def generate_aws_account(arn=None, aws_account_id=None):
"""
Generate an AwsAccount for testing.
Any optional arguments not provided will be randomly generated.
Args:
arn (str): Optional ARN.
aws_account_id (decimal.Decimal): Optional AWS account ID.
Returns:
AwsAccount: The created AwsAccount.
"""
if arn is None:
arn = helper.generate_dummy_arn(aws_account_id)
if aws_account_id is None:
aws_account_id = aws.extract_account_id_from_arn(arn)
return AwsAccount.objects.create(
account_arn=arn,
aws_account_id=aws_account_id,
)
def test_error_extract_account_id_from_invalid_arn(self):
"""Assert error in account ID extraction from a badly-formed ARN."""
mock_arn = faker.Faker().text()
with self.assertRaises(Exception): # TODO more specific exceptions
aws.extract_account_id_from_arn(mock_arn)
def test_extract_account_id_from_arn(self):
"""Assert successful account ID extraction from a well-formed ARN."""
mock_account_id = helper.generate_dummy_aws_account_id()
mock_arn = helper.generate_dummy_arn(mock_account_id)
extracted_account_id = aws.extract_account_id_from_arn(mock_arn)
self.assertEqual(mock_account_id, extracted_account_id)
def test_generate_dummy_arn_random_account_id(self):
"""Assert generation of an ARN without a specified account ID."""
arn = helper.generate_dummy_arn()
account_id = aws.extract_account_id_from_arn(arn)
self.assertIn(str(account_id), arn)