コード例 #1
0
ファイル: test_orgs.py プロジェクト: ashleygould/orgcrawler
def test_load():
    mock_org = MockOrganization()
    mock_org.simple()
    org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
    org.clear_cache()
    assert not os.path.exists(org._cache_dir)
    assert not os.path.exists(org._cache_file)
    org.load()
    assert os.path.exists(org._cache_file)
    assert org.id == mock_org.org_id
    assert org.root_id == mock_org.root_id
    assert len(org.accounts) == 3
    assert len(org.org_units) == 6
    assert len(org.policies) == 3

    for ou in org.org_units:
        for policy_id in ou.attached_policy_ids:
            assert policy_id in [p.id for p in org.policies]
    for account in org.accounts:
        for policy_id in account.attached_policy_ids:
            assert policy_id in [p.id for p in org.policies]

    for policy in org.policies:
        for target in policy.targets:
            if target['Type'] == 'ROOT':
                assert target['TargetId'] == mock_org.root_id
            elif target['Type'] == 'ORGANIZATIONAL_UNIT':
                assert target['TargetId'] in [ou.id for ou in org.org_units]
            elif target['Type'] == 'ACCOUNT':
                assert target['TargetId'] in [a.id for a in org.accounts]

    org_from_cache = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
    org_from_cache.load()
    assert org.dump() == org_from_cache.dump()
    org.clear_cache()
コード例 #2
0
def test_load_org():
    mock_org = MockOrganization()
    mock_org._load_org(SIMPLE_ORG_SPEC)
    assert isinstance(mock_org.spec, dict)
    assert mock_org.spec == yaml.safe_load(SIMPLE_ORG_SPEC)
    assert isinstance(mock_org.org_id, str)
    assert isinstance(mock_org.root_id, str)
コード例 #3
0
def test_ou_gen():
    mock_org = MockOrganization()
    mock_org._load_org(SIMPLE_ORG_SPEC)
    ou = dict(name='mock_ou')
    ou_id = mock_org._ou_gen(ou, mock_org.root_id)
    assert isinstance(ou_id, str)
    response = mock_org.client.describe_organizational_unit(OrganizationalUnitId=ou_id)
    assert response['OrganizationalUnit']['Name'] == ou['name']
コード例 #4
0
def test_complex_build():
    mock_org = MockOrganization()
    mock_org.complex()
    assert mock_org.spec == yaml.safe_load(COMPLEX_ORG_SPEC)
    assert len(mock_org.client.list_accounts()['Accounts']) == 13
    assert len(
        mock_org.client.list_policies(
            Filter='SERVICE_CONTROL_POLICY')['Policies']) == 6
    assert len(
        mock_org.client.list_organizational_units_for_parent(
            ParentId=mock_org.root_id)['OrganizationalUnits']) == 2
コード例 #5
0
def test_get_or_update_accounts():
    MockOrganization().complex()
    org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
    org.load()
    crawler = crawlers.Crawler(org)
    assert crawler.get_accounts() == crawler.accounts
    crawler.update_accounts('account01')
    assert len(crawler.accounts) == 1
    assert isinstance(crawler.accounts[0], orgs.OrgAccount)
    assert crawler.accounts[0].name == 'account01'
    crawler.update_accounts(['account01', 'account02'])
    assert len(crawler.accounts) == 2
    assert isinstance(crawler.accounts[0], orgs.OrgAccount)
    assert isinstance(crawler.accounts[1], orgs.OrgAccount)
    assert crawler.accounts[0].name == 'account01'
    assert crawler.accounts[1].name == 'account02'
    crawler.update_accounts('ALL')
    assert crawler.accounts == crawler.org.accounts
    crawler.update_accounts([])
    assert len(crawler.accounts) == 0
    crawler.update_accounts(None)
    assert len(crawler.accounts) == 0
    crawler.update_accounts(None)
    with pytest.raises(ValueError) as e:
        crawler.update_accounts('')
    with pytest.raises(ValueError) as e:
        crawler.update_accounts(1234)
    with pytest.raises(ValueError) as e:
        crawler.update_accounts(dict())
コード例 #6
0
ファイル: test_orgs.py プロジェクト: ashleygould/orgcrawler
def test_org_cache():
    MockOrganization().simple()
    org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
    org._load_client()
    org._load_org()
    org._load_accounts()
    org._load_org_units()

    org._save_cached_org_to_file()
    assert os.path.exists(org._cache_file)

    org.clear_cache()
    assert not os.path.exists(org._cache_file)
    assert not os.path.exists(org._cache_dir)

    #os.remove(org._cache_file)
    with pytest.raises(RuntimeError) as e:
        loaded_dump = org._get_cached_org_from_file()
    assert str(e.value) == 'Cache file not found'

    org._save_cached_org_to_file()
    timestamp = os.path.getmtime(org._cache_file) - 3600
    os.utime(org._cache_file,(timestamp,timestamp))
    with pytest.raises(RuntimeError) as e:
        loaded_dump = org._get_cached_org_from_file()
    assert str(e.value) == 'Cache file too old'

    org._save_cached_org_to_file()
    org_dump = org.dump()
    loaded_dump = org._get_cached_org_from_file()
    assert loaded_dump == org_dump

    org_from_cache = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
    org_from_cache._load_org_dump(loaded_dump)
    assert org.dump() == org_from_cache.dump()
コード例 #7
0
ファイル: test_orgs.py プロジェクト: ashleygould/orgcrawler
def test_list_accounts_by_name_or_id():
    mock_org = MockOrganization()
    mock_org.simple()
    org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
    org.load()
    mock_accounts = mock_org.spec['root'][0]['accounts']
    response = org.list_accounts_by_name()
    assert isinstance(response, list)
    assert len(response) == 3
    assert sorted(response) == [a['name'] for a in mock_accounts]
    response = org.list_accounts_by_id()
    assert isinstance(response, list)
    assert len(response) == 3
    for account_id in response:
        assert re.compile(r'[0-9]{12}').match(account_id)
    org.clear_cache()
コード例 #8
0
ファイル: test_utils.py プロジェクト: ashleygould/orgcrawler
def test_setup_crawler():
    Org('no_id', 'no_role').clear_cache()
    MockOrganization().simple()
    crawler = setup_crawler(ORG_ACCESS_ROLE)
    assert isinstance(crawler, crawlers.Crawler)
    assert len(crawler.org.accounts) == 3
    assert len(crawler.org.org_units) == 6
    for account in crawler.accounts:
        assert 'aws_access_key_id' in account.credentials
        assert 'aws_secret_access_key' in account.credentials
        assert 'aws_session_token' in account.credentials
    crawler = setup_crawler(
        ORG_ACCESS_ROLE,
        'account_role',
        ['account02', 'account03'],
        ['us-west-2', 'us-east-1'],
    )
    assert crawler.access_role == 'account_role'
    assert len(crawler.accounts) == 2
    assert len(crawler.regions) == 2
    assert set([a.name
                for a in crawler.accounts]) == set(['account02', 'account03'])
    assert set(crawler.regions) == set(['us-west-2', 'us-east-1'])
    with pytest.raises(TypeError):
        crawler = setup_crawler()
    with pytest.raises(ValueError):
        crawler = setup_crawler(ORG_ACCESS_ROLE, accounts='bogus_01')
    with pytest.raises(ValueError):
        crawler = setup_crawler(ORG_ACCESS_ROLE, regions='bogus_01')
コード例 #9
0
def test_orgcrawler_success(options_list):
    MockOrganization().simple()
    runner = CliRunner()
    result = runner.invoke(
        orgcrawler.main,
        options_list,
    )
    assert result.exit_code == 0
コード例 #10
0
def test_orgquery_failure(options_list):
    MockOrganization().simple()
    runner = CliRunner()
    result = runner.invoke(
        orgquery.main,
        options_list,
    )
    assert result.exit_code != 0
コード例 #11
0
ファイル: test_orgs.py プロジェクト: ashleygould/orgcrawler
def test_get_policy_id_by_name():
    MockOrganization().complex()
    org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
    org.load()
    policy_id = org.get_policy_id_by_name('policy01')
    assert isinstance(policy_id, str)
    assert policy_id == org.get_policy('policy01').id
    assert org.get_policy_id_by_name('BLEE') is None
    org.clear_cache()
コード例 #12
0
ファイル: test_orgs.py プロジェクト: ashleygould/orgcrawler
def test_load_org_units():
    MockOrganization().simple()
    org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
    org._load_client()
    org._load_org()
    org._load_org_units()
    assert len(org.org_units) == 6
    for ou in org.org_units:
        assert isinstance(ou, orgs.OrganizationalUnit)
コード例 #13
0
ファイル: test_orgs.py プロジェクト: ashleygould/orgcrawler
def test_load_policies():
    MockOrganization().simple()
    org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
    org._load_client()
    org._load_org()
    org._load_policies()
    assert len(org.policies) == 3
    for policy in org.policies:
        assert isinstance(policy, orgs.OrgPolicy)
コード例 #14
0
ファイル: test_orgs.py プロジェクト: ashleygould/orgcrawler
def test_load_accounts():
    MockOrganization().simple()
    org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
    org._load_client()
    org._load_org()
    org._load_accounts()
    assert len(org.accounts) == 3
    assert isinstance(org.accounts[0], orgs.OrgAccount)
    assert org.accounts[0].parent_id == org.root_id
コード例 #15
0
ファイル: test_orgs.py プロジェクト: ashleygould/orgcrawler
def test_list_policies_by_name():
    MockOrganization().complex()
    org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
    org.load()
    response = org.list_policies_by_name()
    print(response)
    assert len(response) == 6
    for name in response:
        assert name.startswith('policy')
    org.clear_cache()
コード例 #16
0
ファイル: test_orgs.py プロジェクト: ashleygould/orgcrawler
def test_get_org_unit_id():
    MockOrganization().simple()
    org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
    org.load()
    ou = org.org_units[0]
    assert ou.id == org.get_org_unit_id(ou)
    assert ou.id == org.get_org_unit_id(ou.id)
    assert ou.id == org.get_org_unit_id(ou.name)
    assert org.get_org_unit_id('Blee') is None
    org.clear_cache()
コード例 #17
0
ファイル: test_orgs.py プロジェクト: ashleygould/orgcrawler
def test_get_account():
    MockOrganization().simple()
    org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
    org.load()
    account = org.get_account('account01')
    assert isinstance(account, orgs.OrgAccount)
    assert org.get_account(account) == account
    assert account.name == 'account01'
    assert account.id == org.get_account_id_by_name('account01')
    org.clear_cache()
コード例 #18
0
ファイル: test_orgs.py プロジェクト: ashleygould/orgcrawler
def test_get_account_id_by_name():
    MockOrganization().simple()
    org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
    org.load()
    account_id = org.get_account_id_by_name('account01')
    accounts_by_boto_client = org.client.list_accounts()['Accounts']
    assert account_id == next((
        a['Id'] for a in accounts_by_boto_client if a['Name'] == 'account01'
    ), None)
    org.clear_cache()
コード例 #19
0
ファイル: test_orgs.py プロジェクト: ashleygould/orgcrawler
def test_dump_accounts():
    mock_org = MockOrganization()
    mock_org.simple()
    org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
    org.load()
    response = org.dump_accounts()
    assert isinstance(response, list)
    assert len(response) == 3
    mock_accounts = mock_org.spec['root'][0]['accounts']
    for account in response:
        assert account['master_account_id'] == MASTER_ACCOUNT_ID
        assert account['organization_id'] == org.id
        assert account['name'] in [a['name'] for a in mock_accounts]
        assert re.compile(r'[0-9]{12}').match(account['id'])
        assert account['parent_id'] == org.root_id
        assert account['email'] == account['name'] + '@example.com'
        assert len(account['aliases']) == 0
        assert len(account['credentials']) == 0
    org.clear_cache()
コード例 #20
0
def test_load_account_credentials():
    MockOrganization().complex()
    org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
    org.load()
    crawler = crawlers.Crawler(org)
    crawler.load_account_credentials()
    assert isinstance(crawler.accounts, list)
    assert len(crawler.accounts) == len(org.accounts)
    for account in crawler.accounts:
        assert isinstance(account.credentials, dict)
コード例 #21
0
ファイル: test_orgs.py プロジェクト: ashleygould/orgcrawler
def test_get_policy_name_by_id():
    MockOrganization().complex()
    org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
    org.load()
    policy_id = org.get_policy_id_by_name('policy01')
    response = org.get_policy_name_by_id(policy_id)
    assert isinstance(response, str)
    assert response == 'policy01'
    assert org.get_policy_name_by_id('BLEE') is None
    org.clear_cache()
コード例 #22
0
def test_crawler_response_init():
    MockOrganization().simple()
    org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
    org.load()
    response = crawlers.CrawlerResponse('us-east-1', org.accounts[0])
    assert response.region == 'us-east-1'
    assert isinstance(response.account, orgs.OrgAccount)
    assert response.payload_output is None
    assert isinstance(response.timer, crawlers.CrawlerTimer)
    assert isinstance(response.dump(), dict)
コード例 #23
0
ファイル: test_orgs.py プロジェクト: ashleygould/orgcrawler
def test_list_policies_by_id():
    MockOrganization().complex()
    org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
    org.load()
    response = org.list_policies_by_id()
    print(response)
    assert len(response) == 6
    for policy_id in response:
        assert re.compile(r'p-[a-z0-9]{8}').match(policy_id)
    org.clear_cache()
コード例 #24
0
def test_crawler_execution_init():
    MockOrganization().simple()
    org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
    org.load()
    execution = crawlers.CrawlerExecution(get_mock_account_alias)
    assert isfunction(execution.payload)
    assert execution.name == 'get_mock_account_alias'
    assert execution.responses == []
    assert isinstance(execution.timer, crawlers.CrawlerTimer)
    assert isinstance(execution.dump(), dict)
コード例 #25
0
ファイル: test_utils.py プロジェクト: ashleygould/orgcrawler
def test_format_responses():
    MockOrganization().simple()
    crawler = setup_crawler(ORG_ACCESS_ROLE)
    crawler.execute(payload.get_mock_account_alias)
    execution = crawler.execute(payload.get_mock_account_alias)
    execution_responses = format_responses(execution)
    print(yamlfmt(execution_responses))
    assert isinstance(execution_responses, list)
    for response in execution_responses:
        assert 'Account' in response
        assert 'Regions' in response
コード例 #26
0
ファイル: test_orgs.py プロジェクト: ashleygould/orgcrawler
def test_list_org_units_in_ou_recursive():
    MockOrganization().complex()
    org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
    org.load()
    response = org.list_org_units_in_ou_recursive(org.root_id)
    assert len(response) == 6
    for ou in response:
        assert isinstance(ou, orgs.OrganizationalUnit)
        assert ou.id.startswith('ou-')
    response = org.list_org_units_in_ou_recursive('ou02')
    assert len(response) == 2
    org.clear_cache()
コード例 #27
0
def test_list_hosted_zones():
    MockOrganization().simple()
    crawler = setup_crawler(ORG_ACCESS_ROLE)
    account = crawler.accounts[0]
    region = crawler.regions[0]
    client = boto3.client('route53', region_name=region, **account.credentials)
    client.create_hosted_zone(
        Name='test_zone.example.com',
        CallerReference='a_unique_string'
    )
    response = route53.list_hosted_zones(region, account)
    assert response['HostedZones'][0]['Name'] == 'test_zone.example.com.'
コード例 #28
0
def test_account_gen():
    mock_org = MockOrganization()
    mock_org._load_org(SIMPLE_ORG_SPEC)
    account = dict(name='mock_account', policies=['p1', 'p2'])
    mock_org._account_gen(account, mock_org.root_id)
    assert len(mock_org.policy_list) == 2
    response = mock_org.client.list_accounts_for_parent(ParentId=mock_org.root_id)
    assert [a for a in response['Accounts'] if a['Name'] == account['name']]
コード例 #29
0
ファイル: test_orgs.py プロジェクト: ashleygould/orgcrawler
def test_get_policy_id():
    MockOrganization().complex()
    org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
    org.load()
    policy_id = org.get_policy_id('policy01')
    assert isinstance(policy_id, str)
    assert re.compile(r'p-[a-z0-9]{8}').match(policy_id)
    assert policy_id == org.get_policy_id(policy_id)
    assert policy_id == org.get_policy('policy01').id
    assert policy_id == org.get_policy_id_by_name('policy01')
    policy = org.get_policy('policy01')
    assert policy_id == org.get_policy_id(policy)
    assert org.get_policy_id('Blee') is None
    org.clear_cache()
コード例 #30
0
def test_get_or_update_regions():
    MockOrganization().complex()
    org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
    org.load()
    crawler = crawlers.Crawler(org)
    assert crawler.get_regions() == ALL_REGIONS
    crawler.update_regions('GLOBAL')
    assert crawler.get_regions() == [crawlers.DEFAULT_REGION]
    crawler.update_regions(utils.regions_for_service('iam'))
    assert crawler.get_regions() == [crawlers.DEFAULT_REGION]
    crawler.update_regions(ALL_REGIONS)
    assert crawler.get_regions() == ALL_REGIONS
    crawler.update_regions(utils.regions_for_service('cloud9'))
    assert crawler.get_regions() == utils.regions_for_service('cloud9')