def test_create_fails_access_denied(self, mock_notify_sources):
"""Test that an exception is raised if access is denied to the arn."""
client_error = ClientError(
error_response={"Error": {
"Code": "AccessDenied"
}},
operation_name=Mock(),
)
mock_request = Mock()
mock_request.user = util_helper.generate_test_user()
context = {"request": mock_request}
serializer = CloudAccountSerializer(context=context)
with patch.object(
aws, "verify_account_access") as mock_verify, patch.object(
aws.sts, "boto3") as mock_boto3:
mock_assume_role = mock_boto3.client.return_value.assume_role
mock_assume_role.side_effect = client_error
mock_verify.return_value = True, []
expected_error = {
"account_arn":
['Permission denied for ARN "{0}"'.format(self.arn)]
}
with self.assertLogs(
"api.models",
level="INFO") as cm, self.assertRaises(ValidationError):
serializer.create(self.validated_data)
log_record = cm.records[1]
self.assertIn(
expected_error["account_arn"][0],
log_record.msg.detail["account_arn"][0],
)
def test_create_succeeds_when_account_verified(self, mock_enable):
"""Test saving of a test ARN."""
mock_request = Mock()
mock_request.user = util_helper.generate_test_user()
context = {"request": mock_request}
serializer = CloudAccountSerializer(context=context)
result = serializer.create(self.validated_data)
self.assertIsInstance(result, CloudAccount)
mock_enable.assert_called()
# Verify that we created the account.
account = AwsCloudAccount.objects.get(
aws_account_id=self.aws_account_id)
self.assertEqual(self.aws_account_id, account.aws_account_id)
self.assertEqual(self.arn, account.account_arn)
# Verify that we created no instances yet.
instances = Instance.objects.filter(
cloud_account=account.cloud_account.get()).all()
self.assertEqual(len(instances), 0)
# Verify that we created no images yet.
amis = AwsMachineImage.objects.all()
self.assertEqual(len(amis), 0)
def test_create_fails_cloudtrail_configuration_error(
self, mock_notify_sources):
"""Test that an exception occurs if cloudtrail configuration fails."""
mock_request = Mock()
mock_request.user = util_helper.generate_test_user()
context = {"request": mock_request}
serializer = CloudAccountSerializer(context=context)
client_error = ClientError(
error_response={"Error": {
"Code": "AccessDeniedException"
}},
operation_name=Mock(),
)
with patch.object(
aws, "verify_account_access") as mock_verify, patch.object(
aws.sts, "boto3") as mock_boto3, patch.object(
aws, "configure_cloudtrail") as mock_cloudtrail:
mock_assume_role = mock_boto3.client.return_value.assume_role
mock_assume_role.return_value = self.role
mock_verify.return_value = True, []
mock_cloudtrail.side_effect = client_error
expected_error = "Could not enable"
with self.assertLogs(
"api.models",
level="INFO") as cm, self.assertRaises(ValidationError):
serializer.create(self.validated_data)
log_record = cm.records[1]
self.assertIn(expected_error, log_record.msg.detail["account_arn"])
def test_serialization_fails_on_only_empty_name(self):
"""Test that an account is not saved if only name is empty."""
mock_request = Mock()
mock_request.user = util_helper.generate_test_user()
context = {"request": mock_request}
validated_data = {"account_arn": self.arn, "cloud_type": "aws"}
with patch.object(
aws, "verify_account_access") as mock_verify, patch.object(
aws.sts, "boto3") as mock_boto3:
mock_assume_role = mock_boto3.client.return_value.assume_role
mock_assume_role.return_value = self.role
mock_verify.return_value = True, []
serializer = CloudAccountSerializer(context=context,
data=validated_data)
serializer.is_valid()
self.assertEquals("This field is required.",
str(serializer.errors["name"][0]))
def test_create_fails_when_aws_verify_fails(self, mock_notify_sources):
"""Test that an exception is raised if verify_account_access fails."""
mock_request = Mock()
mock_request.user = util_helper.generate_test_user()
context = {"request": mock_request}
serializer = CloudAccountSerializer(context=context)
with patch.object(
aws, "verify_account_access") as mock_verify, patch.object(
aws.sts, "boto3") as mock_boto3:
mock_assume_role = mock_boto3.client.return_value.assume_role
mock_assume_role.return_value = self.role
mock_verify.return_value = False, []
expected_error = "Could not enable"
with self.assertLogs(
"api.models",
level="INFO") as cm, self.assertRaises(ValidationError):
serializer.create(self.validated_data)
log_record = cm.records[1]
self.assertIn(expected_error, log_record.msg.detail["account_arn"])
def test_serialization_fails_on_unsupported_cloud_type(self):
"""Test that account is not saved with unsupported cloud_type."""
mock_request = Mock()
mock_request.user = util_helper.generate_test_user()
context = {"request": mock_request}
bad_type = _faker.name()
validated_data = {"cloud_type": bad_type, "name": _faker.name()}
with patch.object(
aws, "verify_account_access") as mock_verify, patch.object(
aws.sts, "boto3") as mock_boto3:
mock_assume_role = mock_boto3.client.return_value.assume_role
mock_assume_role.return_value = self.role
mock_verify.return_value = True, []
serializer = CloudAccountSerializer(context=context,
data=validated_data)
serializer.is_valid()
self.assertEquals(
f'"{bad_type}" is not a valid choice.',
str(serializer.errors["cloud_type"][0]),
)
def test_serialization_fails_on_only_empty_account_arn(self):
"""Test that an AWS account is not saved if account_arn is empty."""
mock_request = Mock()
mock_request.user = util_helper.generate_test_user()
context = {"request": mock_request}
validated_data = {"cloud_type": "aws", "name": _faker.name()}
with patch.object(
aws, "verify_account_access") as mock_verify, patch.object(
aws.sts, "boto3") as mock_boto3:
mock_assume_role = mock_boto3.client.return_value.assume_role
mock_assume_role.return_value = self.role
mock_verify.return_value = True, []
serializer = CloudAccountSerializer(context=context,
data=validated_data)
serializer.is_valid()
with self.assertRaises(ValidationError) as cm:
serializer.create(validated_data)
self.assertEquals(
"This field is required.",
str(cm.exception.detail["account_arn"]),
)