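  def test_get_audit_logs_bigquery_bindings_remote(self):
    """Check audit-log BigQuery bindings when logs go to a remote project.

    The first project in the fixture is rewritten so that ``audit_logs``
    names only a BigQuery dataset, and a separate ``audit_logs_project`` is
    passed to ``ProjectConfig``. The result of
    ``get_audit_logs_bigquery_bindings()`` must equal the OWNER / WRITER /
    READER list built below.
    """
    # safe_load instead of yaml.load: calling yaml.load() without a Loader is
    # deprecated since PyYAML 5.1 and is an error in 6.0+, and the safe
    # loader never constructs arbitrary Python objects from tags.
    # Assumes TEST_PROJECT_YAML uses only standard YAML tags -- confirm.
    yaml_dict = yaml.safe_load(TEST_PROJECT_YAML)
    project_dict = yaml_dict['projects'][0]
    # Set remote audit logs instead of local audit logs.
    project_dict['audit_logs'] = {
        'logs_bigquery_dataset': {
            'name': 'some_data_logs'
        },
    }
    audit_logs_project = {
        'project_id': 'audit-logs',
        'owners_group': '*****@*****.**',
    }
    project = ProjectConfig(
        project=project_dict,
        audit_logs_project=audit_logs_project,
        generated_fields=yaml_dict['generated_fields'])

    got_bindings = project.get_audit_logs_bigquery_bindings()
    # NOTE(review): every address here appears masked ('*****@*****.**'), so
    # the owner, writer and reader principals cannot be told apart as shown;
    # restore the fixture's real values before relying on this expectation.
    want_bindings = [
        {
            'role': 'OWNER',
            'members': [{'group_email': '*****@*****.**'}],
        },
        {
            'role': 'WRITER',
            'members': [{
                'user_email':
                    '*****@*****.**'
            }],
        },
        {
            'role': 'READER',
            'members': [{'group_email': '*****@*****.**'}],
        },
    ]

    self.assertEqual(got_bindings, want_bindings)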
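    def test_load_valid_config(self):
        """Load the sample project config and check what it derives.

        Builds a ``ProjectConfig`` from the first project in the fixture
        (no separate audit-logs project) and asserts the project id, the
        enabled APIs, the project-level IAM bindings, the per-bucket IAM
        bindings and the audit-log sink destination.
        """
        # safe_load instead of yaml.load: calling yaml.load() without a
        # Loader is deprecated since PyYAML 5.1 and is an error in 6.0+, and
        # the safe loader never constructs arbitrary Python objects from tags.
        # Assumes TEST_PROJECT_YAML uses only standard YAML tags -- confirm.
        yaml_dict = yaml.safe_load(TEST_PROJECT_YAML)
        project = ProjectConfig(project=yaml_dict['projects'][0],
                                audit_logs_project=None,
                                forseti=yaml_dict['forseti'])
        self.assertIsNotNone(project)

        self.assertEqual('sample-data', project.project_id)
        self.assertEqual(
            ['monitoring.googleapis.com', 'logging.googleapis.com'],
            project.enabled_apis)

        # NOTE(review): the principals below all read '[email protected]',
        # which looks like address masking applied to this listing; distinct
        # groups and service accounts are indistinguishable as shown, so
        # restore the fixture's real values before relying on these checks.
        expected_proj_bindings = {
            'roles/owner': ['group:[email protected]'],
            'roles/editors': [
                'serviceAccount:[email protected]',
                'serviceAccount:[email protected]',
                ('serviceAccount:service-123546879123@'
                 'containerregistry.iam.gserviceaccount.com'),
            ],
            'roles/iam.securityReviewer': [
                'group:[email protected]',
                'serviceAccount:[email protected]',
            ],
            'roles/bigquery.dataViewer': [
                'group:[email protected]',
                'group:[email protected]',
                'group:[email protected]',
            ],
            'roles/ml.developer': [
                'group:[email protected]',
                'group:[email protected]',
                'group:[email protected]',
            ],
        }
        self.assertDictEqual(expected_proj_bindings,
                             project.get_project_bindings())

        expected_log_bindings = {
            'roles/storage.admin': ['group:[email protected]'],
            'roles/storage.objectAdmin': [],
            'roles/storage.objectViewer':
            ['group:[email protected]'],
            'roles/storage.objectCreator':
            ['group:[email protected]'],
        }
        expected_raw_data_bindings = {
            'roles/storage.admin': [
                'group:[email protected]',
            ],
            'roles/storage.objectAdmin': [
                'group:[email protected]',
            ],
            'roles/storage.objectCreator': [],
            'roles/storage.objectViewer': [
                'group:[email protected]',
                'group:[email protected]',
            ],
        }
        # The processed-data bucket expects the raw-data bindings plus one
        # extra storage.admin member; deepcopy keeps the append below from
        # also changing expected_raw_data_bindings.
        expected_processed_data_bindings = copy.deepcopy(
            expected_raw_data_bindings)
        expected_processed_data_bindings['roles/storage.admin'].append(
            'serviceAccount:[email protected]')
        # Compared with assertEqual on a list, so the order of the
        # (bucket names, bindings) pairs is part of the expectation.
        expected_bucket_bindings = [
            (['sample-data-logs'], expected_log_bindings),
            (['sample-data-processed'], expected_processed_data_bindings),
            (['sample-data-raw'], expected_raw_data_bindings),
        ]
        self.assertEqual(expected_bucket_bindings,
                         project.get_bucket_bindings())

        self.assertEqual(
            'bigquery.googleapis.com/projects/sample-data/datasets/audit_logs',
            project.get_audit_log_sink_destination())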