def test_crawl_org_for_acts(self, mock_session): "Test that if an exception is raised the crawl continues" mock_session.client = MagicMock() account_side_effect = [] paginator_side_effect = [] ou_ids = ["r-0", "ou-0", "ou-1", "ou-2", "sou-0"] for ou_id in ou_ids: parent_acts = _generate_act_for_parent_side_effect( self.schema, ou_id) account_side_effect.extend(parent_acts) paginator = MagicMock() paginator.paginate( ParentId=ou_id ).build_full_result.return_value = self.paginator_dict[ou_id] paginator_side_effect.append(paginator) unit_crawler = AWSOrgUnitCrawler(self.account) unit_crawler._init_session() unit_crawler._client.list_roots.return_value = { "Roots": [{ "Id": "r-0", "Arn": "arn-0", "Name": "root_0" }] } unit_crawler._client.list_accounts_for_parent.side_effect = account_side_effect unit_crawler._client.get_paginator.side_effect = paginator_side_effect unit_crawler.crawl_account_hierarchy() with schema_context(self.schema): cur_count = AWSOrganizationalUnit.objects.count() total_entries = (len(ou_ids) * GEN_NUM_ACT_DEFAULT) + len(ou_ids) self.assertEqual(cur_count, total_entries)
def test_no_delete_on_exceptions(self, mock_crawl, mock_session): """Test that when things go wrong we don't delete.""" mock_crawl.side_effect = Exception() mock_session.client = MagicMock() account_side_effect = [] paginator_side_effect = [] ou_ids = ["r-0", "ou-0", "ou-1", "ou-2", "sou-0"] for ou_id in ou_ids: parent_acts = _generate_act_for_parent_side_effect( self.schema, ou_id) account_side_effect.extend(parent_acts) paginator = MagicMock() paginator.paginate( ParentId=ou_id ).build_full_result.return_value = self.paginator_dict[ou_id] paginator_side_effect.append(paginator) unit_crawler = AWSOrgUnitCrawler(self.account) unit_crawler._init_session() unit_crawler._client.list_roots.return_value = { "Roots": [{ "Id": "r-0", "Arn": "arn-0", "Name": "root_0" }] } unit_crawler._client.list_accounts_for_parent.side_effect = account_side_effect unit_crawler._client.get_paginator.side_effect = paginator_side_effect with patch( "masu.external.accounts.hierarchy.aws.aws_org_unit_crawler.AWSOrgUnitCrawler._mark_nodes_deleted" ) as mock_deleted: unit_crawler.crawl_account_hierarchy() self.assertEqual(True, unit_crawler.errors_raised) self.assertEqual(False, mock_deleted.called)
def test_unknown_exception(self, mock_session): """Test botocore general ClientError.""" logging.disable(logging.NOTSET) mock_session.client = MagicMock() unit_crawler = AWSOrgUnitCrawler(self.account) unit_crawler._init_session() unit_crawler._client.list_roots.side_effect = Exception("unknown error") with self.assertLogs(logger=crawler_log, level=logging.raiseExceptions): unit_crawler.crawl_account_hierarchy()
def test_general_client_error_denied(self, mock_session): """Test botocore general ClientError.""" logging.disable(logging.NOTSET) mock_session.client = MagicMock() unit_crawler = AWSOrgUnitCrawler(self.account) unit_crawler._init_session() unit_crawler._client.list_roots.side_effect = _mock_boto3_general_client_error with self.assertLogs(logger=crawler_log, level=logging.WARNING): unit_crawler.crawl_account_hierarchy()
def test_crawl_boto_param_exception(self, mock_session): """Test botocore parameter exception is caught properly.""" logging.disable(logging.NOTSET) mock_session.client = MagicMock() unit_crawler = AWSOrgUnitCrawler(self.account) unit_crawler._init_session() unit_crawler._client.list_roots.side_effect = ParamValidationError(report="Bad Param") with self.assertLogs(logger=crawler_log, level=logging.WARNING): unit_crawler.crawl_account_hierarchy()
def test_crawl_list_root_access_denied(self, mock_session): """Test botocore list roots access denied.""" # https://boto3.amazonaws.com/v1/documentation/api/latest/guide/error-handling.html logging.disable(logging.NOTSET) mock_session.client = MagicMock() unit_crawler = AWSOrgUnitCrawler(self.account) unit_crawler._init_session() unit_crawler._client.list_roots.side_effect = _mock_boto3_access_denied with self.assertLogs(logger=crawler_log, level=logging.WARNING): unit_crawler.crawl_account_hierarchy()
def test_depaginate(self, mock_session): """Test the aws account info is depaginated""" mock_session.client = MagicMock() parent_id = "TestDepaginate" unit_crawler = AWSOrgUnitCrawler(self.account) unit_crawler._init_session() side_effect_list = _generate_act_for_parent_side_effect(self.schema, parent_id, 3) unit_crawler._build_accout_alias_map() unit_crawler._client.list_accounts_for_parent.side_effect = side_effect_list accounts = unit_crawler._depaginate_account_list( function=unit_crawler._client.list_accounts_for_parent, resource_key="Accounts", ParentId=parent_id ) self.assertIsNotNone(accounts) self.assertEqual(len(accounts), len(side_effect_list)) for side_effect in side_effect_list: expected_account = side_effect["Accounts"][0] self.assertIn(expected_account, accounts)
def test_crawl_accounts_per_id(self, mock_session): """Test that the accounts are depaginated and saved to db.""" mock_session.client = MagicMock() parent_id = "big_sub_org" unit_crawler = AWSOrgUnitCrawler(self.account) unit_crawler._init_session() side_effect_list = _generate_act_for_parent_side_effect(self.schema, parent_id, 3) unit_crawler._build_accout_alias_map() unit_crawler._client.list_accounts_for_parent.side_effect = side_effect_list unit_crawler._structure_yesterday = {} prefix = f"root&{parent_id}" ou = {"Id": parent_id, "Name": "Big Org Unit"} unit_crawler._crawl_accounts_per_id(ou, prefix, level=1) with schema_context(self.schema): acts_in_db = AWSOrganizationalUnit.objects.filter(account_alias__isnull=False) self.assertIsNotNone(acts_in_db) self.assertEqual(acts_in_db.count(), 3)
def test_init_session(self, mock_session): """Test the method that retrieves of a aws client.""" unit_crawler = AWSOrgUnitCrawler(self.account) unit_crawler._init_session() mock_session.assert_called()