def test_save_aws_org_method(self): """Test that saving to the database works.""" unit_crawler = AWSOrgUnitCrawler(self.account) with schema_context(self.schema): cur_count = AWSOrganizationalUnit.objects.count() self.assertEqual(cur_count, 0) AWSAccountAlias.objects.create(account_id="A_001", account_alias="Root Account") unit_crawler._build_accout_alias_map() unit_crawler._structure_yesterday = {} # Test that we are using a get or create so only one entry should be found. root_ou = {"Id": "R_001", "Name": "root"} root_account = {"Id": "A_001", "Name": "Root Account"} unit_crawler._save_aws_org_method(root_ou, "unit_path", 0, root_account) unit_crawler._save_aws_org_method(root_ou, "unit_path", 0, root_account) with schema_context(self.schema): cur_count = AWSOrganizationalUnit.objects.count() self.assertEqual(cur_count, 1) # simulate an account being moved into a big org big_ou = {"Id": "R_001", "Name": "Big0"} unit_crawler._save_aws_org_method(big_ou, "unit_path&big_org", 1, root_account) with schema_context(self.schema): cur_count = AWSOrganizationalUnit.objects.count() self.assertEqual(cur_count, 2) # simulate a leaf node being added without an account_id unit_crawler._save_aws_org_method(root_ou, "unit_path", 0) with schema_context(self.schema): cur_count = AWSOrganizationalUnit.objects.count() self.assertEqual(cur_count, 3)
def test_org_unit_deleted_state(self): """Test that an org unit that is in a deleted state is fixed when it is found again.""" unit_crawler = AWSOrgUnitCrawler(self.account) with schema_context(self.schema): AWSAccountAlias.objects.create(account_id="A_001", account_alias="Root Account") unit_crawler._build_accout_alias_map() unit_crawler._structure_yesterday = {} root_ou = {"Id": "R_001", "Name": "root"} root_account = {"Id": "A_001", "Name": "Root Account"} unit_crawler._save_aws_org_method(root_ou, "unit_path", 0, root_account) # simulate an org unit getting into a deleted state and ensure that the crawler # nullifies the deleted_timestamp with schema_context(self.schema): ou_to_update = AWSOrganizationalUnit.objects.filter( org_unit_id="R_001") ou_to_update.update( deleted_timestamp=unit_crawler._date_accessor.today()) updated_ou = unit_crawler._save_aws_org_method(root_ou, "unit_path", 0, root_account) with schema_context(self.schema): cur_count = AWSOrganizationalUnit.objects.count() self.assertEqual(cur_count, 1) self.assertEqual(updated_ou.deleted_timestamp, None)
def test_crawl_accounts_per_id(self, mock_session): """Test that the accounts are depaginated and saved to db.""" mock_session.client = MagicMock() parent_id = "big_sub_org" unit_crawler = AWSOrgUnitCrawler(self.account) unit_crawler._init_session() side_effect_list = _generate_act_for_parent_side_effect(self.schema, parent_id, 3) unit_crawler._build_accout_alias_map() unit_crawler._client.list_accounts_for_parent.side_effect = side_effect_list unit_crawler._structure_yesterday = {} prefix = f"root&{parent_id}" ou = {"Id": parent_id, "Name": "Big Org Unit"} unit_crawler._crawl_accounts_per_id(ou, prefix, level=1) with schema_context(self.schema): acts_in_db = AWSOrganizationalUnit.objects.filter(account_alias__isnull=False) self.assertIsNotNone(acts_in_db) self.assertEqual(acts_in_db.count(), 3)
def test_compute_org_structure_interval(self): """Test function that computes org structure for an interval.""" unit_crawler = AWSOrgUnitCrawler(self.account) unit_crawler._build_accout_alias_map() with schema_context(self.schema): cur_count = AWSOrganizationalUnit.objects.count() self.assertEqual(cur_count, 0) unit_crawler._structure_yesterday = {} # Add root node with 1 account created_nodes = [] root = {"Id": "R_001", "Name": "root"} root_account = {"Id": "A_001", "Name": "Root Account"} created_nodes.append( unit_crawler._save_aws_org_method(root, "R_001", 0, None)) created_nodes.append( unit_crawler._save_aws_org_method(root, "R_001", 0, root_account)) # Add sub_org_unit_1 with 2 accounts sub_org_unit_1 = {"Id": "OU_1000", "Name": "sub_org_unit_1"} created_nodes.append( unit_crawler._save_aws_org_method(sub_org_unit_1, "R_001&OU_1000", 1, None)) created_nodes.append( unit_crawler._save_aws_org_method(sub_org_unit_1, "R_001&OU_1000", 1, { "Id": "A_002", "Name": "Sub Org Account 2" })) created_nodes.append( unit_crawler._save_aws_org_method(sub_org_unit_1, "R_001&OU_1000", 1, { "Id": "A_003", "Name": "Sub Org Account 3" })) # Change created date to two_days_ago with schema_context(self.schema): two_days_ago = (unit_crawler._date_accessor.today() - timedelta(2)).strftime("%Y-%m-%d") for node in created_nodes: node.created_timestamp = two_days_ago node.save() curr_count = AWSOrganizationalUnit.objects.filter( created_timestamp__lte=two_days_ago).count() self.assertEqual(curr_count, 5) expected_count_2_days_ago = curr_count # # Add sub_org_unit_2 and move sub_org_unit_1 2 accounts here created_nodes = [] sub_org_unit_2 = {"Id": "OU_2000", "Name": "sub_org_unit_2"} created_nodes.append( unit_crawler._save_aws_org_method(sub_org_unit_2, "R_001&OU_2000", 1, None)) created_nodes.append( unit_crawler._save_aws_org_method(sub_org_unit_2, "R_001&OU_2000", 1, { "Id": "A_002", "Name": "Sub Org Account 2" })) created_nodes.append( unit_crawler._save_aws_org_method(sub_org_unit_2, "R_001&OU_2000", 1, { "Id": "A_003", "Name": "Sub Org Account 3" })) deleted_nodes = unit_crawler._delete_aws_org_unit("OU_1000") # Test fake node delete unit_crawler._delete_aws_org_unit("sub_org_unit_1_Fake") with schema_context(self.schema): yesterday = (unit_crawler._date_accessor.today() - timedelta(1)).strftime("%Y-%m-%d") for node in created_nodes: node.created_timestamp = yesterday node.save() for node in deleted_nodes: node.deleted_timestamp = yesterday node.save() curr_count = AWSOrganizationalUnit.objects.filter( created_timestamp__lte=yesterday).count() deleted_count = AWSOrganizationalUnit.objects.filter( deleted_timestamp__lte=yesterday).count() self.assertEqual(curr_count, 8) self.assertEqual(deleted_count, 3) expected_yesterday_count = curr_count - deleted_count unit_crawler._delete_aws_account("A_002") sub_org_unit_2 = {"Id": "OU_3000", "Name": "sub_org_unit_3"} unit_crawler._save_aws_org_method(sub_org_unit_2, "R_001&OU_3000", 1, None) with schema_context(self.schema): today = unit_crawler._date_accessor.today().strftime("%Y-%m-%d") curr_count = AWSOrganizationalUnit.objects.filter( created_timestamp__lte=today).count() deleted_count = AWSOrganizationalUnit.objects.filter( deleted_timestamp__lte=today).count() self.assertEqual(curr_count, 9) expected_today_count = curr_count - deleted_count # 2 days ago count matches structure_2_days_ago = unit_crawler._compute_org_structure_interval( two_days_ago) self.assertEqual(expected_count_2_days_ago, len(structure_2_days_ago)) # Yesterday count matches unit_crawler._compute_org_structure_yesterday() self.assertEqual(expected_yesterday_count, len(unit_crawler._structure_yesterday)) # today structure_today = unit_crawler._compute_org_structure_interval(today) self.assertEqual(len(structure_today), expected_today_count)