def test_old_access(self):
    """An Active key last used beyond both last-access thresholds audits as 'stagnant_expire'.

    Created 2019-01-01, last used 2019-01-02. The reference date the ages are
    measured against is fixed outside this method (presumably a freeze_time on
    the enclosing class — confirm).
    """
    utc = datetime.timezone.utc
    key = Key(
        'username',
        'keyid',
        'Active',
        datetime.datetime(2019, 1, 1, tzinfo=utc),  # created
        datetime.datetime(2019, 1, 2, tzinfo=utc),  # last used
    )
    # The first two thresholds are deliberately generous; the outcome is meant
    # to come from the trailing pair, which appear to be the last-access
    # thresholds (order as documented on Key.audit — confirm).
    key.audit(60, 80, 10, 9)
    assert key.audit_state == 'stagnant_expire'
def test_rotate_access(self):
    """An Active key last used past the first last-access threshold only audits as 'stagnant'.

    Same key dates as the other last-access tests (created 2019-01-01, last used
    2019-01-02); the clock is fixed by the enclosing class, not here.
    """
    utc = datetime.timezone.utc
    created = datetime.datetime(2019, 1, 1, tzinfo=utc)
    last_used = datetime.datetime(2019, 1, 2, tzinfo=utc)
    key = Key('username', 'keyid', 'Active', created, last_used)
    # 20/10 instead of 10/9: with the wider pair the key is flagged stagnant
    # but not yet expired on access age (compare test_old_access).
    key.audit(60, 80, 20, 10)
    assert key.audit_state == 'stagnant'
def test_old_expiration(self):
    """A key older than the creation expiration threshold audits as 'expire'.

    The last-access thresholds passed here (10/8) are no looser than those that
    produce 'stagnant_expire' in test_old_access, yet the asserted state is
    'expire' — so the creation-age expiry appears to take precedence (inferred
    from the two tests; confirm in Key.audit).
    """
    utc = datetime.timezone.utc
    key = Key(
        'username',
        'keyid',
        'Active',
        datetime.datetime(2019, 1, 1, tzinfo=utc),
        datetime.datetime(2019, 1, 2, tzinfo=utc),
    )
    key.audit(10, 11, 10, 8)
    assert key.audit_state == 'expire'
def test_old(self):
    """A key (no last-used date) past the expiration threshold audits as 'expire'."""
    k = Key(
        'username',
        'keyid',
        'Active',
        datetime.datetime(2019, 1, 1, tzinfo=datetime.timezone.utc),
    )
    # Only the two creation-age thresholds apply when no last-used date was given.
    k.audit(10, 11)
    assert k.audit_state == 'expire'
def test_invalid(self):
    """audit() rejects an inconsistent threshold pair with AssertionError.

    What is asserted is the exception, not an audit state: with a rotate age
    of 5 and an expire age of 1 the call never completes. Presumably the
    validation is that the expire age must not be below the rotate age —
    confirm against Key.audit. The key's Inactive status is incidental here.
    """
    k = Key(
        'username',
        'keyid',
        'Inactive',
        datetime.datetime(2019, 1, 1, tzinfo=datetime.timezone.utc),
    )
    with pytest.raises(AssertionError):
        k.audit(5, 1)
def test_rotate(self):
    """A key (no last-used date) past the rotation threshold but not expiry audits as 'old'."""
    utc = datetime.timezone.utc
    k = Key('username', 'keyid', 'Active', datetime.datetime(2019, 1, 1, tzinfo=utc))
    # Rotate at 10 days, expire only at 80: the key should be flagged for rotation.
    k.audit(10, 80)
    assert k.audit_state == 'old'
def test_invalid(self):
    """audit() with a last-used date rejects an inconsistent threshold set with AssertionError.

    The exception is the assertion; no audit state is checked. Rotate age 5
    with expire age 1 is presumably the rejected combination — confirm against
    Key.audit.

    NOTE(review): another method named test_invalid appears in this listing
    (the no-last-used variant). If both live in the same class the later
    definition shadows the earlier one and pytest collects only one — verify
    they are in different classes.
    """
    utc = datetime.timezone.utc
    key = Key(
        'user2',
        'ldasfkk',
        'Inactive',
        datetime.datetime(2019, 1, 1, tzinfo=utc),
        datetime.datetime(2019, 1, 2, tzinfo=utc),
    )
    with pytest.raises(AssertionError):
        key.audit(5, 1, 1, 1)
def test_rotate_expiration(self):
    """A key past the rotation threshold whose last access is still recent audits as 'old'.

    Created 2019-01-01, last used 2019-01-02; the reference date comes from
    the enclosing class (not visible here).
    """
    utc = datetime.timezone.utc
    created = datetime.datetime(2019, 1, 1, tzinfo=utc)
    last_used = datetime.datetime(2019, 1, 2, tzinfo=utc)
    key = Key('username', 'keyid', 'Active', created, last_used)
    # Creation thresholds 10/80 flag rotation; the last-access pair 20/19 is
    # wide enough that access age does not change the outcome.
    key.audit(10, 80, 20, 19)
    assert key.audit_state == 'old'
def test_normal(self):
    """Happy path: a recently created, recently used Active key audits as 'good'.

    The creation_age assertion of 15 for a key created 2019-01-01 means the
    reference date is 2019-01-16; that date is fixed by something outside
    this method (likely a freeze_time on the class — confirm).
    """
    utc = datetime.timezone.utc
    k = Key(
        'username',
        'keyid',
        'Active',
        datetime.datetime(2019, 1, 1, tzinfo=utc),
        datetime.datetime(2019, 1, 2, tzinfo=utc),
    )
    k.audit(60, 80, 20, 19)
    assert k.creation_age == 15
    assert k.audit_state == 'good'
def test_no_disable(self, monkeypatch):
    """With ENABLE_AUTO_EXPIRE=false an Inactive key is not marked 'disabled'.

    The key's AWS status is Inactive, but auto-disable is switched off via the
    environment, so the audit falls through to the age-based result and the
    state stays 'expire'.
    """
    monkeypatch.setenv('ENABLE_AUTO_EXPIRE', 'false')
    utc = datetime.timezone.utc
    key = Key(
        'user2',
        'ldasfkk',
        'Inactive',
        datetime.datetime(2019, 1, 1, tzinfo=utc),
        datetime.datetime(2019, 1, 2, tzinfo=utc),
    )
    # Same thresholds as test_old_expiration, which yields 'expire' for an Active key.
    key.audit(10, 11, 10, 8)
    assert key.audit_state == 'expire'
def test_disabled(self, monkeypatch):
    """With ENABLE_AUTO_EXPIRE=true an Inactive key audits as 'disabled' regardless of thresholds.

    Two audits with very different threshold sets both land on 'disabled',
    i.e. the AWS status overrides the age-based classification.
    """
    monkeypatch.setenv('ENABLE_AUTO_EXPIRE', 'true')
    utc = datetime.timezone.utc
    key = Key(
        'user2',
        'ldasfkk',
        'Inactive',
        datetime.datetime(2019, 1, 1, tzinfo=utc),
        datetime.datetime(2019, 1, 2, tzinfo=utc),
    )
    for thresholds in ((10, 11, 10, 8), (60, 80, 30, 20)):
        key.audit(*thresholds)
        assert key.audit_state == 'disabled'
def test_inactive(self, monkeypatch):
    """With ENABLE_AUTO_EXPIRE=true an Inactive key without a last-used date audits as 'disabled'.

    Both a tight (10/11) and a loose (60/80) threshold pair give 'disabled',
    so the AWS status decides the outcome.
    """
    monkeypatch.setenv('ENABLE_AUTO_EXPIRE', 'true')
    k = Key(
        'username',
        'keyid',
        'Inactive',
        datetime.datetime(2019, 1, 1, tzinfo=datetime.timezone.utc),
    )
    for rotate_age, expire_age in ((10, 11), (60, 80)):
        k.audit(rotate_age, expire_age)
        assert k.audit_state == 'disabled'
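def get_iam_key_info(user):
    """Fetches the IAM access keys of one user.

    Parameters:
        user: the auditor's user object; only its ``username`` attribute is
            read (it is passed to IAM as ``UserName``). The previous docstring
            said ``str``, which does not match the attribute access below.

    Returns:
        list (Key): one Key per entry of ``AccessKeyMetadata`` in the
        ``IAM.list_access_keys`` response, built from UserName, AccessKeyId,
        Status and CreateDate. Empty list when the user has no keys.
    """
    # Local import; presumably avoids an import cycle with sleuth.auditor — confirm.
    from sleuth.auditor import Key

    resp = IAM.list_access_keys(UserName=user.username)
    return [
        Key(k['UserName'], k['AccessKeyId'], k['Status'], k['CreateDate'])
        for k in resp['AccessKeyMetadata']
    ]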
def test_last_used(self, monkeypatch):
    """An Active key that has not been used within the inactivity window is expired.

    Sets ENABLE_AUTO_EXPIRE and INACTIVITY_AGE in the environment, then audits
    twice: with tight creation thresholds the key is 'expire'; with loose
    creation thresholds and the same tiny last-access pair (2/1) it is
    'stagnant_expire'. Whether INACTIVITY_AGE or the explicit 2/1 arguments
    drive the second result is not visible here — confirm in Key.audit.
    """
    monkeypatch.setenv('ENABLE_AUTO_EXPIRE', 'true')
    monkeypatch.setenv('INACTIVITY_AGE', '10')
    utc = datetime.timezone.utc
    key = Key(
        'user3',
        'kljin',
        'Active',
        datetime.datetime(2019, 1, 1, tzinfo=utc),
        datetime.datetime(2019, 1, 2, tzinfo=utc),
    )
    expected = (
        ((10, 11, 2, 1), 'expire'),
        ((60, 80, 2, 1), 'stagnant_expire'),
    )
    for thresholds, state in expected:
        key.audit(*thresholds)
        assert key.audit_state == state
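def get_iam_key_info(user):
    """Fetches the IAM access keys of one user together with their last-use date.

    Parameters:
        user: the auditor's user object; only its ``username`` attribute is
            read (it is passed to IAM as ``UserName``). The previous docstring
            said ``str``, which does not match the attribute access below.

    Returns:
        list (Key): one Key per entry of ``AccessKeyMetadata`` in the
        ``IAM.list_access_keys`` response. The last-used date is taken from a
        per-key ``IAM.get_access_key_last_used`` call; a key that has never
        been used carries no ``LastUsedDate``, and its ``CreateDate`` is used
        instead so the inactivity checks downstream always have a date to
        compare against. Empty list when the user has no keys.
    """
    # Local import; presumably avoids an import cycle with sleuth.auditor — confirm.
    from sleuth.auditor import Key

    key_info = IAM.list_access_keys(UserName=user.username)
    keys = []
    for k in key_info['AccessKeyMetadata']:
        # One extra IAM call per key. The AccessKeyLastUsed block omits
        # LastUsedDate entirely for a key that was never used.
        last_used = IAM.get_access_key_last_used(AccessKeyId=k['AccessKeyId'])
        last_used_date = last_used['AccessKeyLastUsed'].get('LastUsedDate', k['CreateDate'])
        keys.append(
            Key(k['UserName'], k['AccessKeyId'], k['Status'], k['CreateDate'], last_used_date))
    return keys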
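import datetime

import pytest
from freezegun import freeze_time

from sleuth.auditor import Key, User
from sleuth.services import format_slack_id, prepare_sns_message, prepare_slack_message

# Shared fixture dates. Keep these as two separate assignments: a chained
# `lastused = created = ...` overwrote `created` with the last-used date, so
# every key below was created on 2019-01-03 instead of the intended 2019-01-01.
created = datetime.datetime(2019, 1, 1, tzinfo=datetime.timezone.utc)
lastused = datetime.datetime(2019, 1, 3, tzinfo=datetime.timezone.utc)

# 4 users, one key each, to represent the 4 audit states exercised by the
# notification tests: old, expire, stagnant, stagnant_expire.
user1 = User('user1', 'slackuser1', 'U12345')
key1 = Key('user1', 'asdfksakfa', 'Active', created, lastused)
key1.audit_state = 'old'

user2 = User('user2', 'slackuser2', 'U67890')
key2 = Key('user2', 'ldasfkk', 'Active', created, lastused)
key2.audit_state = 'expire'

user3 = User('user3', 'slackuser3', 'U13579')
key3 = Key('user3', 'oithsetc', 'Active', created, lastused)
key3.audit_state = 'stagnant'

user4 = User('user4', 'slackuser4', 'U24680')
key4 = Key('user4', 'bajaoietnb', 'Active', created, lastused)
key4.audit_state = 'stagnant_expire'

user1.keys = [key1]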
import datetime

import pytest
from freezegun import freeze_time

from sleuth.auditor import Key, User
from sleuth.services import format_slack_id, prepare_sns_message, prepare_slack_message

# Shared creation date for every fixture key.
created = datetime.datetime(2019, 1, 1, tzinfo=datetime.timezone.utc)

# Two users, each holding one key in a different audit state.
# NOTE(review): user2 reuses user1's username and Slack handle; only the Slack
# ID differs. Confirm this is intended by the tests that consume `users`.
user1 = User('user1', 'slackuser1', 'U12345')
user2 = User('user1', 'slackuser1', 'U67890')

key1 = Key('user1', 'asdfksakfa', 'Active', created)
key1.audit_state = 'old'
key2 = Key('user2', 'ldasfkk', 'Active', created)
key2.audit_state = 'expire'

user1.keys = [key1]
user2.keys = [key2]
users = [user1, user2]


class TestFormatSlackID:
    def test_empty_input(self):
        """None and the empty string both format as the 'UNKNOWN' placeholder."""
        for missing in (None, ''):
            assert format_slack_id(missing) == 'UNKNOWN'