Esempio n. 1
def test_load():
    """Exercise ``Org.load()`` against the simple mock organization.

    Verifies that loading writes the cache file, that the loaded ids and
    resource counts match the mock, that every attached policy id and every
    policy target refers to a loaded object, and that a second ``Org``
    instance produces an identical dump.
    """
    mock_org = MockOrganization()
    mock_org.simple()
    org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)

    # Remove any existing cache; both the directory and the file must be gone.
    org.clear_cache()
    for cache_path in (org._cache_dir, org._cache_file):
        assert not os.path.exists(cache_path)

    org.load()
    assert os.path.exists(org._cache_file)
    assert org.id == mock_org.org_id
    assert org.root_id == mock_org.root_id
    assert len(org.accounts) == 3
    assert len(org.org_units) == 6
    assert len(org.policies) == 3

    # Every policy id attached to an OU or an account must be a loaded policy.
    loaded_policy_ids = [p.id for p in org.policies]
    for holder in [*org.org_units, *org.accounts]:
        for attached_id in holder.attached_policy_ids:
            assert attached_id in loaded_policy_ids

    # Every policy target must point at the root, a loaded OU or a loaded
    # account. A target of any other type is not checked by this test.
    loaded_ou_ids = [ou.id for ou in org.org_units]
    loaded_account_ids = [a.id for a in org.accounts]
    for policy in org.policies:
        for target in policy.targets:
            kind = target['Type']
            if kind == 'ROOT':
                assert target['TargetId'] == mock_org.root_id
            elif kind == 'ORGANIZATIONAL_UNIT':
                assert target['TargetId'] in loaded_ou_ids
            elif kind == 'ACCOUNT':
                assert target['TargetId'] in loaded_account_ids

    # A second instance (presumably served from the cache file written above;
    # confirm in orgs) must dump the same content.
    org_from_cache = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
    org_from_cache.load()
    assert org.dump() == org_from_cache.dump()
    org.clear_cache()
Esempio n. 2
def test_load_org():
    """Check that ``MockOrganization._load_org`` parses the simple spec.

    The stored spec must be a dict equal to ``yaml.safe_load`` of the same
    text, and both the organization id and the root id must be strings.
    """
    mock = MockOrganization()
    mock._load_org(SIMPLE_ORG_SPEC)

    parsed_spec = mock.spec
    assert isinstance(parsed_spec, dict)
    assert parsed_spec == yaml.safe_load(SIMPLE_ORG_SPEC)

    for identifier in (mock.org_id, mock.root_id):
        assert isinstance(identifier, str)
Esempio n. 3
def test_ou_gen():
    """Create one organizational unit under the root and read it back.

    ``_ou_gen`` must return a string id, and describing that id through the
    mock's client must yield the name that was requested.
    """
    mock = MockOrganization()
    mock._load_org(SIMPLE_ORG_SPEC)

    ou_spec = {'name': 'mock_ou'}
    new_ou_id = mock._ou_gen(ou_spec, mock.root_id)
    assert isinstance(new_ou_id, str)

    described = mock.client.describe_organizational_unit(
        OrganizationalUnitId=new_ou_id,
    )
    assert described['OrganizationalUnit']['Name'] == ou_spec['name']
Esempio n. 4
def test_complex_build():
    """Build the complex mock organization and verify its size.

    Expects the stored spec to equal the parsed ``COMPLEX_ORG_SPEC``, 13
    accounts, 6 service control policies, and 2 organizational units directly
    under the root.
    """
    mock = MockOrganization()
    mock.complex()
    assert mock.spec == yaml.safe_load(COMPLEX_ORG_SPEC)

    all_accounts = mock.client.list_accounts()['Accounts']
    assert len(all_accounts) == 13

    scps = mock.client.list_policies(
        Filter='SERVICE_CONTROL_POLICY',
    )['Policies']
    assert len(scps) == 6

    top_level_ous = mock.client.list_organizational_units_for_parent(
        ParentId=mock.root_id,
    )['OrganizationalUnits']
    assert len(top_level_ous) == 2
Esempio n. 5
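def test_get_or_update_accounts():
    """Exercise ``Crawler.update_accounts`` with each accepted input form.

    Covers a single account name, a list of names, the ``'ALL'`` keyword, an
    empty list and ``None``, then confirms that an empty string, an integer
    and a dict are rejected with ``ValueError``.
    """
    MockOrganization().complex()
    org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
    org.load()
    crawler = crawlers.Crawler(org)
    assert crawler.get_accounts() == crawler.accounts

    crawler.update_accounts('account01')
    assert len(crawler.accounts) == 1
    assert isinstance(crawler.accounts[0], orgs.OrgAccount)
    assert crawler.accounts[0].name == 'account01'

    crawler.update_accounts(['account01', 'account02'])
    assert len(crawler.accounts) == 2
    assert isinstance(crawler.accounts[0], orgs.OrgAccount)
    assert isinstance(crawler.accounts[1], orgs.OrgAccount)
    assert crawler.accounts[0].name == 'account01'
    assert crawler.accounts[1].name == 'account02'

    crawler.update_accounts('ALL')
    assert crawler.accounts == crawler.org.accounts

    crawler.update_accounts([])
    assert len(crawler.accounts) == 0
    crawler.update_accounts(None)
    assert len(crawler.accounts) == 0
    # The repeated None call previously had no assertion behind it.
    crawler.update_accounts(None)
    assert len(crawler.accounts) == 0

    # A malformed selector must be refused outright, so that a typo cannot
    # silently change which accounts the crawler will act on.
    for bad_selector in ('', 1234, dict()):
        with pytest.raises(ValueError):
            crawler.update_accounts(bad_selector)

    # Remove the cache written by load() so it is not left on disk.
    org.clear_cache()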
Esempio n. 6
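def test_org_cache():
    """Exercise the on-disk cache helpers of ``Org``.

    Covers saving, clearing, the two ``RuntimeError`` cases raised by
    ``_get_cached_org_from_file`` (missing file, file too old), and a round
    trip of the dump through the cache file into a second ``Org``.

    NOTE(review): nothing here checks the permissions the cache file is
    created with. The dump presumably holds account ids and e-mail addresses,
    so that is worth confirming in ``orgs``.
    """
    MockOrganization().simple()
    org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
    org._load_client()
    org._load_org()
    org._load_accounts()
    org._load_org_units()

    org._save_cached_org_to_file()
    assert os.path.exists(org._cache_file)

    org.clear_cache()
    assert not os.path.exists(org._cache_file)
    assert not os.path.exists(org._cache_dir)

    # With the cache cleared, reading it back must fail loudly.
    with pytest.raises(RuntimeError) as excinfo:
        org._get_cached_org_from_file()
    assert str(excinfo.value) == 'Cache file not found'

    # Backdate the file's timestamps by one hour; the loader must reject it.
    org._save_cached_org_to_file()
    backdated = os.path.getmtime(org._cache_file) - 3600
    os.utime(org._cache_file, (backdated, backdated))
    with pytest.raises(RuntimeError) as excinfo:
        org._get_cached_org_from_file()
    assert str(excinfo.value) == 'Cache file too old'

    # A freshly written cache must return exactly what dump() produces.
    org._save_cached_org_to_file()
    org_dump = org.dump()
    loaded_dump = org._get_cached_org_from_file()
    assert loaded_dump == org_dump

    org_from_cache = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
    org_from_cache._load_org_dump(loaded_dump)
    assert org.dump() == org_from_cache.dump()

    # Do not leave the cache file behind once the test is done.
    org.clear_cache()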
Esempio n. 7
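def test_list_accounts_by_name_or_id():
    """Check ``list_accounts_by_name`` and ``list_accounts_by_id``.

    Both must return a list of three entries for the simple organization.
    Names are compared against the mock spec; ids must be exactly twelve
    decimal digits.
    """
    mock_org = MockOrganization()
    mock_org.simple()
    org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
    org.load()
    mock_accounts = mock_org.spec['root'][0]['accounts']

    response = org.list_accounts_by_name()
    assert isinstance(response, list)
    assert len(response) == 3
    # Sort both sides so the comparison does not depend on spec ordering.
    assert sorted(response) == sorted(a['name'] for a in mock_accounts)

    response = org.list_accounts_by_id()
    assert isinstance(response, list)
    assert len(response) == 3
    for account_id in response:
        # fullmatch, not match: match() anchors only the start of the string
        # and would accept a longer value that merely begins with 12 digits.
        assert re.fullmatch(r'[0-9]{12}', account_id)
    org.clear_cache()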
Esempio n. 8
def test_setup_crawler():
    """Exercise ``setup_crawler`` with default and explicit arguments.

    With only the organization access role, the crawler must cover the simple
    organization (3 accounts, 6 OUs) and every account must carry an access
    key id, a secret access key and a session token. With an explicit account
    role, account list and region list, the crawler must be scoped to exactly
    those. Missing arguments raise ``TypeError``; unknown account or region
    names raise ``ValueError``.
    """
    Org('no_id', 'no_role').clear_cache()
    MockOrganization().simple()

    default_crawler = setup_crawler(ORG_ACCESS_ROLE)
    assert isinstance(default_crawler, crawlers.Crawler)
    assert len(default_crawler.org.accounts) == 3
    assert len(default_crawler.org.org_units) == 6
    expected_credential_keys = (
        'aws_access_key_id',
        'aws_secret_access_key',
        'aws_session_token',
    )
    for account in default_crawler.accounts:
        for key in expected_credential_keys:
            assert key in account.credentials

    scoped_crawler = setup_crawler(
        ORG_ACCESS_ROLE,
        'account_role',
        ['account02', 'account03'],
        ['us-west-2', 'us-east-1'],
    )
    assert scoped_crawler.access_role == 'account_role'
    assert len(scoped_crawler.accounts) == 2
    assert len(scoped_crawler.regions) == 2
    selected_names = {a.name for a in scoped_crawler.accounts}
    assert selected_names == {'account02', 'account03'}
    assert set(scoped_crawler.regions) == {'us-west-2', 'us-east-1'}

    # Invalid invocations must raise instead of yielding a usable crawler.
    with pytest.raises(TypeError):
        setup_crawler()
    with pytest.raises(ValueError):
        setup_crawler(ORG_ACCESS_ROLE, accounts='bogus_01')
    with pytest.raises(ValueError):
        setup_crawler(ORG_ACCESS_ROLE, regions='bogus_01')
Esempio n. 9
def test_orgcrawler_success(options_list):
    """Invoke the ``orgcrawler`` command and expect exit code 0.

    ``options_list`` is the argument list handed to the command; where it
    comes from (fixture or parametrization) is not visible in this listing.
    """
    MockOrganization().simple()
    outcome = CliRunner().invoke(orgcrawler.main, options_list)
    assert outcome.exit_code == 0
Esempio n. 10
def test_orgquery_failure(options_list):
    """Invoke the ``orgquery`` command and expect a non-zero exit code.

    ``options_list`` is the argument list handed to the command; where it
    comes from (fixture or parametrization) is not visible in this listing.

    NOTE(review): any non-zero exit satisfies this check, which may include
    an unrelated crash captured by the runner. Asserting on the reported
    error would pin the intended rejection. Confirm against the runner's
    behaviour.
    """
    MockOrganization().simple()
    outcome = CliRunner().invoke(orgquery.main, options_list)
    assert outcome.exit_code != 0
Esempio n. 11
def test_get_policy_id_by_name():
    """Resolve a policy name to its id in the complex organization.

    The id must be a string equal to the ``id`` of the policy object returned
    by ``get_policy``; an unknown name must resolve to ``None``.
    """
    MockOrganization().complex()
    org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
    org.load()

    resolved_id = org.get_policy_id_by_name('policy01')
    assert isinstance(resolved_id, str)
    assert resolved_id == org.get_policy('policy01').id

    # An unknown name yields None rather than an exception.
    unknown = org.get_policy_id_by_name('BLEE')
    assert unknown is None
    org.clear_cache()
Esempio n. 12
def test_load_org_units():
    """Load only the organizational units of the simple organization.

    After the client and organization are loaded, ``_load_org_units`` must
    populate six ``OrganizationalUnit`` objects.
    """
    MockOrganization().simple()
    org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
    for load_step in (org._load_client, org._load_org, org._load_org_units):
        load_step()

    loaded_units = org.org_units
    assert len(loaded_units) == 6
    assert all(isinstance(unit, orgs.OrganizationalUnit) for unit in loaded_units)
Esempio n. 13
def test_load_policies():
    """Load only the policies of the simple organization.

    After the client and organization are loaded, ``_load_policies`` must
    populate three ``OrgPolicy`` objects.
    """
    MockOrganization().simple()
    org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
    for load_step in (org._load_client, org._load_org, org._load_policies):
        load_step()

    loaded_policies = org.policies
    assert len(loaded_policies) == 3
    assert all(isinstance(entry, orgs.OrgPolicy) for entry in loaded_policies)
Esempio n. 14
def test_load_accounts():
    """Load only the accounts of the simple organization.

    After the client and organization are loaded, ``_load_accounts`` must
    populate three accounts; the first must be an ``OrgAccount`` whose parent
    is the organization root.
    """
    MockOrganization().simple()
    org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
    for load_step in (org._load_client, org._load_org, org._load_accounts):
        load_step()

    assert len(org.accounts) == 3
    first_account = org.accounts[0]
    assert isinstance(first_account, orgs.OrgAccount)
    assert first_account.parent_id == org.root_id
Esempio n. 15
def test_list_policies_by_name():
    """List policy names in the complex organization.

    Expects six names, each starting with ``'policy'``. The listing is
    printed as a debugging aid.
    """
    MockOrganization().complex()
    org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
    org.load()

    policy_names = org.list_policies_by_name()
    print(policy_names)
    assert len(policy_names) == 6
    assert all(entry.startswith('policy') for entry in policy_names)
    org.clear_cache()
Esempio n. 16
def test_get_org_unit_id():
    """Resolve an organizational unit id from an object, an id or a name.

    ``get_org_unit_id`` must return the same id for all three forms and
    ``None`` for an unknown name.
    """
    MockOrganization().simple()
    org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
    org.load()

    first_ou = org.org_units[0]
    # The OU object itself, its id and its name are all accepted handles.
    assert first_ou.id == org.get_org_unit_id(first_ou)
    assert first_ou.id == org.get_org_unit_id(first_ou.id)
    assert first_ou.id == org.get_org_unit_id(first_ou.name)

    unknown = org.get_org_unit_id('Blee')
    assert unknown is None
    org.clear_cache()
Esempio n. 17
def test_get_account():
    """Look up an account by name and by object.

    ``get_account('account01')`` must return an ``OrgAccount`` with that name;
    passing the object back in must return an equal account, and its id must
    agree with ``get_account_id_by_name``.
    """
    MockOrganization().simple()
    org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
    org.load()

    found = org.get_account('account01')
    assert isinstance(found, orgs.OrgAccount)
    # Looking up by the account object must give back an equal account.
    assert org.get_account(found) == found
    assert found.name == 'account01'
    assert found.id == org.get_account_id_by_name('account01')
    org.clear_cache()
Esempio n. 18
def test_get_account_id_by_name():
    """Cross-check ``get_account_id_by_name`` against the client's listing.

    The id returned for ``'account01'`` must equal the ``Id`` of the entry
    with that ``Name`` in ``org.client.list_accounts()``; if no such entry
    exists the expected value is ``None``.
    """
    MockOrganization().simple()
    org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
    org.load()

    account_id = org.get_account_id_by_name('account01')

    # Take the first listed entry with the wanted name, if any.
    expected_id = None
    for entry in org.client.list_accounts()['Accounts']:
        if entry['Name'] == 'account01':
            expected_id = entry['Id']
            break

    assert account_id == expected_id
    org.clear_cache()
Esempio n. 19
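def test_dump_accounts():
    """Check the shape and content of ``Org.dump_accounts()``.

    For the simple organization the dump must be a list of three dicts. Each
    must carry the master account id, the organization id, a name from the
    mock spec, an id of exactly twelve digits, the root as parent, the
    expected e-mail address, and empty ``aliases`` and ``credentials``.
    """
    mock_org = MockOrganization()
    mock_org.simple()
    org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
    org.load()

    response = org.dump_accounts()
    assert isinstance(response, list)
    assert len(response) == 3

    mock_accounts = mock_org.spec['root'][0]['accounts']
    # Build the list of expected names once instead of once per account.
    expected_names = [a['name'] for a in mock_accounts]
    for account in response:
        assert account['master_account_id'] == MASTER_ACCOUNT_ID
        assert account['organization_id'] == org.id
        assert account['name'] in expected_names
        # fullmatch, not match: match() anchors only the start of the string
        # and would accept a longer value that merely begins with 12 digits.
        assert re.fullmatch(r'[0-9]{12}', account['id'])
        assert account['parent_id'] == org.root_id
        assert account['email'] == account['name'] + '@example.com'
        assert len(account['aliases']) == 0
        # This test never loads credentials, so the dump must carry none.
        # NOTE(review): worth a companion check that a dump taken after
        # credentials are loaded does not carry them into the cache file.
        # Whether it does cannot be told from this listing.
        assert len(account['credentials']) == 0
    org.clear_cache()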
Esempio n. 20
def test_load_account_credentials():
    """Load credentials for every account of the complex organization.

    After ``load_account_credentials`` the crawler must still hold a list
    with one entry per organization account, each with a dict of credentials.
    """
    MockOrganization().complex()
    org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
    org.load()

    crawler = crawlers.Crawler(org)
    crawler.load_account_credentials()

    crawled = crawler.accounts
    assert isinstance(crawled, list)
    assert len(crawled) == len(org.accounts)
    # Only the container type is checked here, not which keys it holds.
    assert all(isinstance(entry.credentials, dict) for entry in crawled)
Esempio n. 21
def test_get_policy_name_by_id():
    """Resolve a policy id back to its name in the complex organization.

    The id obtained for ``'policy01'`` must map back to the string
    ``'policy01'``; an unknown id must resolve to ``None``.
    """
    MockOrganization().complex()
    org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
    org.load()

    known_id = org.get_policy_id_by_name('policy01')
    resolved_name = org.get_policy_name_by_id(known_id)
    assert isinstance(resolved_name, str)
    assert resolved_name == 'policy01'

    # An unknown id yields None rather than an exception.
    unknown = org.get_policy_name_by_id('BLEE')
    assert unknown is None
    org.clear_cache()
Esempio n. 22
def test_crawler_response_init():
    """Check the initial state of a fresh ``CrawlerResponse``.

    Built from a region name and the first loaded account, it must expose
    that region, an ``OrgAccount``, no payload output yet, a
    ``CrawlerTimer``, and a dict from ``dump()``.
    """
    MockOrganization().simple()
    org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
    org.load()

    first_account = org.accounts[0]
    fresh = crawlers.CrawlerResponse('us-east-1', first_account)
    assert fresh.region == 'us-east-1'
    assert isinstance(fresh.account, orgs.OrgAccount)
    # No payload has run yet, so there is no output to report.
    assert fresh.payload_output is None
    assert isinstance(fresh.timer, crawlers.CrawlerTimer)
    assert isinstance(fresh.dump(), dict)
Esempio n. 23
def test_list_policies_by_id():
    """List policy ids in the complex organization.

    Expects six ids, each beginning with ``p-`` followed by eight lowercase
    alphanumeric characters. The listing is printed as a debugging aid.

    NOTE(review): ``match()`` anchors only the start of the string, so a
    longer id with this prefix also passes. Tighten it only after confirming
    the id length the backend produces.
    """
    MockOrganization().complex()
    org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
    org.load()

    policy_ids = org.list_policies_by_id()
    print(policy_ids)
    assert len(policy_ids) == 6

    id_pattern = re.compile(r'p-[a-z0-9]{8}')
    for candidate in policy_ids:
        assert id_pattern.match(candidate)
    org.clear_cache()
Esempio n. 24
def test_crawler_execution_init():
    """Check the initial state of a fresh ``CrawlerExecution``.

    Built from the ``get_mock_account_alias`` payload, it must keep the
    payload as a function, take its name from the payload, start with an
    empty response list, own a ``CrawlerTimer``, and dump to a dict.
    """
    MockOrganization().simple()
    org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
    org.load()

    fresh = crawlers.CrawlerExecution(get_mock_account_alias)
    assert isfunction(fresh.payload)
    assert fresh.name == 'get_mock_account_alias'
    # Nothing has been executed yet, so no responses are recorded.
    assert fresh.responses == []
    assert isinstance(fresh.timer, crawlers.CrawlerTimer)
    assert isinstance(fresh.dump(), dict)
Esempio n. 25
def test_format_responses():
    """Format the responses of a crawler execution.

    The payload is executed twice and the second execution is formatted. The
    result must be a list whose entries each contain the keys ``'Account'``
    and ``'Regions'``. The formatted output is printed as a debugging aid.
    """
    MockOrganization().simple()
    crawler = setup_crawler(ORG_ACCESS_ROLE)

    # The first execution's return value is discarded; only the second is
    # inspected.
    crawler.execute(payload.get_mock_account_alias)
    second_run = crawler.execute(payload.get_mock_account_alias)

    formatted = format_responses(second_run)
    print(yamlfmt(formatted))
    assert isinstance(formatted, list)
    for entry in formatted:
        for required_key in ('Account', 'Regions'):
            assert required_key in entry
Esempio n. 26
def test_list_org_units_in_ou_recursive():
    """List organizational units below a parent, recursively.

    From the root of the complex organization the listing must hold six
    ``OrganizationalUnit`` objects whose ids start with ``'ou-'``; from
    ``'ou02'`` it must hold two.
    """
    MockOrganization().complex()
    org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
    org.load()

    below_root = org.list_org_units_in_ou_recursive(org.root_id)
    assert len(below_root) == 6
    for unit in below_root:
        assert isinstance(unit, orgs.OrganizationalUnit)
        assert unit.id.startswith('ou-')

    # The parent is given here as 'ou02' rather than as an id.
    below_ou02 = org.list_org_units_in_ou_recursive('ou02')
    assert len(below_ou02) == 2
    org.clear_cache()
Esempio n. 27
def test_list_hosted_zones():
    """Create a hosted zone and list it through the ``route53`` payload.

    A Route 53 client is built with the first account's credentials in the
    crawler's first region and used to create one zone. The payload's
    listing must then report that zone first.
    """
    MockOrganization().simple()
    crawler = setup_crawler(ORG_ACCESS_ROLE)
    first_account = crawler.accounts[0]
    first_region = crawler.regions[0]

    r53_client = boto3.client(
        'route53',
        region_name=first_region,
        **first_account.credentials,
    )
    r53_client.create_hosted_zone(
        Name='test_zone.example.com',
        CallerReference='a_unique_string',
    )

    listing = route53.list_hosted_zones(first_region, first_account)
    # The listed name carries a trailing dot that the created name lacks.
    assert listing['HostedZones'][0]['Name'] == 'test_zone.example.com.'
Esempio n. 28
def test_account_gen():
    """Create one account with two policies under the root.

    After ``_account_gen`` the mock's policy list must hold two entries and
    the new account must appear among the root's accounts.
    """
    mock = MockOrganization()
    mock._load_org(SIMPLE_ORG_SPEC)

    account_spec = {'name': 'mock_account', 'policies': ['p1', 'p2']}
    mock._account_gen(account_spec, mock.root_id)
    assert len(mock.policy_list) == 2

    listed = mock.client.list_accounts_for_parent(ParentId=mock.root_id)
    assert any(
        entry['Name'] == account_spec['name'] for entry in listed['Accounts']
    )
Esempio n. 29
def test_get_policy_id():
    """Resolve a policy id from a name, an id or a policy object.

    All three forms must give the same string id, which must also agree with
    ``get_policy(...).id`` and ``get_policy_id_by_name``. An unknown name
    must resolve to ``None``.

    NOTE(review): ``match()`` anchors only the start of the string, so a
    longer id with this prefix also passes. Tighten it only after confirming
    the id length the backend produces.
    """
    MockOrganization().complex()
    org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
    org.load()

    resolved_id = org.get_policy_id('policy01')
    assert isinstance(resolved_id, str)
    id_pattern = re.compile(r'p-[a-z0-9]{8}')
    assert id_pattern.match(resolved_id)

    # The id itself is an accepted handle and must map to itself.
    assert resolved_id == org.get_policy_id(resolved_id)
    assert resolved_id == org.get_policy('policy01').id
    assert resolved_id == org.get_policy_id_by_name('policy01')

    # So is the policy object.
    policy_obj = org.get_policy('policy01')
    assert resolved_id == org.get_policy_id(policy_obj)

    unknown = org.get_policy_id('Blee')
    assert unknown is None
    org.clear_cache()
Esempio n. 30
def test_get_or_update_regions():
    """Exercise ``Crawler.update_regions`` and ``get_regions``.

    A new crawler covers ``ALL_REGIONS``. The ``'GLOBAL'`` keyword and the
    region list for the ``iam`` service both collapse to the default region.
    Passing ``ALL_REGIONS`` restores the full list, and the region list for
    ``cloud9`` is taken as given.
    """
    MockOrganization().complex()
    org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
    org.load()
    crawler = crawlers.Crawler(org)

    # Default scope of a new crawler.
    assert crawler.get_regions() == ALL_REGIONS

    crawler.update_regions('GLOBAL')
    assert crawler.get_regions() == [crawlers.DEFAULT_REGION]

    iam_regions = utils.regions_for_service('iam')
    crawler.update_regions(iam_regions)
    assert crawler.get_regions() == [crawlers.DEFAULT_REGION]

    crawler.update_regions(ALL_REGIONS)
    assert crawler.get_regions() == ALL_REGIONS

    # The expected value is fetched again rather than reusing the argument.
    crawler.update_regions(utils.regions_for_service('cloud9'))
    expected_cloud9 = utils.regions_for_service('cloud9')
    assert crawler.get_regions() == expected_cloud9