def test_get_organizations(self):
"""Test that get_organizations() returns expected data.
Setup:
Create magic mock for execute_sql_with_fetch().
Create fake rows of org data.
Expect:
* get_organizations() call returns expected data: a list of
Organizations.
"""
self.fetch_mock.return_value = self.fake_orgs_db_rows
fake_query = select_data.ORGANIZATIONS.format(self.fake_timestamp)
orgs = self.org_dao.get_organizations(
self.resource_name, self.fake_timestamp)
expected_orgs = [
organization.Organization(
self.fake_orgs_db_rows[0]['org_id'],
display_name=self.fake_orgs_db_rows[0]['display_name'],
lifecycle_state=self.fake_orgs_db_rows[0]['lifecycle_state']),
organization.Organization(
self.fake_orgs_db_rows[1]['org_id'],
display_name=self.fake_orgs_db_rows[1]['display_name'],
lifecycle_state=self.fake_orgs_db_rows[1]['lifecycle_state']),
]
self.assertEqual(expected_orgs, orgs)
def setUp(self, mock_org_dao, mock_folder_dao, mock_project_dao):
mock_org_dao.return_value = None
mock_folder_dao.return_value = None
mock_project_dao.return_value = None
self.org_res_rel_dao = org_resource_rel_dao.OrgResourceRelDao({})
# TODO: move this to separate module
self.fake_org = organization.Organization(
organization_id=1,
display_name='Org 1')
self.fake_folder1 = folder.Folder(
folder_id=11,
display_name='Folder 1',
parent=self.fake_org)
self.fake_folder2 = folder.Folder(
folder_id=22,
display_name='Folder 2',
parent=self.fake_folder1)
self.fake_project1 = project.Project(
project_number=111,
project_id='project-1',
display_name='Project 1',
parent=self.fake_folder2)
self.fake_timestamp = '1234567890'
def get_org_iam_policies(self, resource_name, timestamp):
"""Get the organization policies.
This does not raise any errors if there's a database or json parse
error because we want to return as many organizations as possible.
Args:
resource_name (str): The resource name.
timestamp (str): The timestamp of the snapshot.
Returns:
dict: A dict that maps organizations
(gcp_type.organization.Organization) to their
IAM policies (dict).
"""
org_iam_policies = {}
query = select_data.ORG_IAM_POLICIES.format(timestamp)
rows = self.execute_sql_with_fetch(resource_name, query, ())
for row in rows:
try:
org = organization.Organization(organization_id=row['org_id'])
iam_policy = json.loads(row.get('iam_policy', {}))
org_iam_policies[org] = iam_policy
except ValueError:
LOGGER.warn('Error parsing json:\n %s', row.get('iam_policy'))
return org_iam_policies
def test_get_org_iam_policies(self):
"""Test that get_org_iam_policies() returns expected data.
Setup:
Create magic mock for execute_sql_with_fetch().
Create fake row of org data.
Expect:
* get_org_iam_policies() call returns expected data: a dict of
Organizations and their IAM policies.
"""
org_id = self.fake_orgs_db_rows[0]['org_id']
iam_policy = {
'role': 'roles/something',
'members': ['user:[email protected]']
}
fake_org_iam_policies = [
{'org_id': org_id,
'iam_policy': json.dumps(iam_policy)}
]
self.fetch_mock.return_value = fake_org_iam_policies
actual = self.org_dao.get_org_iam_policies(
self.resource_name, self.fake_timestamp)
org = organization.Organization(org_id)
expected = {
org: iam_policy
}
self.assertEqual(expected, actual)
def test_get_org_iam_policies_malformed_json_error_handled(self):
"""Test malformed json error is handled in get_org_iam_policies().
Setup:
Create magic mock for execute_sql_with_fetch().
Expect:
Log a warning and skip the row.
"""
self.fetch_mock.return_value = self.fake_orgs_bad_iam_db_rows
organization_dao.LOGGER = mock.MagicMock()
expected_org = organization.Organization(
self.fake_orgs_bad_iam_db_rows[0]['org_id'])
expected_iam = json.loads(
self.fake_orgs_bad_iam_db_rows[0]['iam_policy'])
expected = {
expected_org: expected_iam
}
actual = self.org_dao.get_org_iam_policies(
self.resource_name, self.fake_timestamp)
self.assertEqual(1, organization_dao.LOGGER.warn.call_count)
self.assertEqual(expected, actual)
def test_retrieve_error_logged_when_api_error(self, mock_logger):
"""Test that LOGGER.error() is called when there is an API error."""
self.mock_dao.get_organizations.return_value = [
organization.Organization(
self.fake_id)]
self.pipeline.api_client.get_org_iam_policies.side_effect = (
api_errors.ApiExecutionError('11111', mock.MagicMock()))
results = self.pipeline._retrieve()
self.assertEqual([], results)
self.assertEqual(1, mock_logger.error.call_count)
def test_retrieve_error_logged_when_api_error(self):
"""Test that LOGGER.error() is called when there is an API error."""
self.mock_dao.get_organizations.return_value = [
organization.Organization(self.pipeline.configs['organization_id'])]
self.pipeline.api_client.get_org_iam_policies.side_effect = (
api_errors.ApiExecutionError('11111', mock.MagicMock()))
load_org_iam_policies_pipeline.LOGGER = mock.MagicMock()
self.pipeline._retrieve()
self.assertEqual(
1, load_org_iam_policies_pipeline.LOGGER.error.call_count)
def test_api_is_called_to_retrieve_org_policies(self):
"""Test that api is called to retrieve org policies."""
self.mock_dao.get_organizations.return_value = [
organization.Organization(self.pipeline.configs['organization_id'])]
self.pipeline._retrieve()
self.pipeline.api_client.get_org_iam_policies.assert_called_once_with(
self.pipeline.RESOURCE_NAME,
self.pipeline.configs['organization_id'])
def test_get_org_policies_works(self, mock_dao):
"""Test that get_org_policies() works."""
fake_policies = [{
organization.Organization('11111'): {
'role': 'roles/a',
'members': ['user:[email protected]', 'group:[email protected]']
}
}]
mock_dao.OrganizationDao({}).get_org_iam_policies.return_value = (
fake_policies)
policies = self.scanner._get_org_iam_policies()
self.assertEqual(fake_policies, policies)
def test_get_org_policies_works(self, mock_get_org_iam, mock_conn):
"""Test that get_org_policies() works."""
org_policies = [{
organization.Organization('11111'): {
'role': 'roles/a',
'members': ['user:[email protected]', 'group:[email protected]']
}
}]
mock_get_org_iam.return_value = org_policies
actual = self.irs.IamPolicyScanner(
self.fake_timestamp)._get_org_policies()
mock_get_org_iam.assert_called_once_with('organizations',
self.fake_timestamp)
self.assertEqual(org_policies, actual)
def get_organizations(self, resource_name, timestamp):
"""Get organizations from snapshot table.
Args:
timestamp: The timestamp of the snapshot.
Returns:
A list of Organizations.
"""
query = select_data.ORGANIZATIONS.format(timestamp)
rows = self.execute_sql_with_fetch(resource_name, query, ())
orgs = []
for row in rows:
org = organization.Organization(
organization_id=row['org_id'],
display_name=row['display_name'],
lifecycle_state=row['lifecycle_state'])
orgs.append(org)
return orgs
def get_organization(self, org_id, timestamp):
"""Get an organization from the database snapshot.
Args:
org_id (int): The Organization to retrieve.
timestamp (str): The timestamp of the snapshot.
Returns:
Organization: An Organization from the database snapshot.
Raises:
MySQLError: If there was an error getting the organization.
"""
query = select_data.ORGANIZATION_BY_ID.format(timestamp)
rows = self.execute_sql_with_fetch('organization', query, (org_id, ))
if rows:
return organization.Organization(
organization_id=rows[0]['org_id'],
display_name=rows[0]['display_name'],
lifecycle_state=rows[0]['lifecycle_state'])
return None
def test_get_organization(self):
"""Test that get_organization() returns expected data.
Setup:
Create magic mock for execute_sql_with_fetch().
Create fake row of org data.
Expect:
* get_organization() call returns expected data: a single
Organization.
"""
fake_org = self.fake_orgs_db_rows[0]
self.fetch_mock.return_value = [fake_org]
org_id = fake_org['org_id']
org = self.org_dao.get_organization(org_id, self.fake_timestamp)
expected_org = organization.Organization(
fake_org['org_id'],
display_name=fake_org['display_name'],
lifecycle_state=fake_org['lifecycle_state'])
self.assertEqual(expected_org, org)
def find_ancestors(self, resource_id, snapshot_timestamp=0):
return [organization_type.Organization(organization_id=123456)]
