def test_load():
    """Load the simple mock organization and check it round-trips through the cache.

    Starts from a cleared cache, loads the org, verifies ids and object
    counts, checks that every attached policy id and every policy target
    refers to a known object, then loads a second ``Org`` and compares dumps.
    """
    mock_org = MockOrganization()
    mock_org.simple()
    org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)

    # Start without an on-disk cache so load() has to create one.
    org.clear_cache()
    for cache_path in (org._cache_dir, org._cache_file):
        assert not os.path.exists(cache_path)
    org.load()
    assert os.path.exists(org._cache_file)

    assert org.id == mock_org.org_id
    assert org.root_id == mock_org.root_id
    assert len(org.accounts) == 3
    assert len(org.org_units) == 6
    assert len(org.policies) == 3

    # Every policy attached to an OU or an account must be a loaded policy.
    known_policy_ids = [policy.id for policy in org.policies]
    for holder in (*org.org_units, *org.accounts):
        for attached_id in holder.attached_policy_ids:
            assert attached_id in known_policy_ids

    # Every policy target must point at the root, a loaded OU or a loaded
    # account; other target types are not checked.
    valid_targets = {
        'ROOT': [mock_org.root_id],
        'ORGANIZATIONAL_UNIT': [ou.id for ou in org.org_units],
        'ACCOUNT': [a.id for a in org.accounts],
    }
    for policy in org.policies:
        for target in policy.targets:
            allowed_ids = valid_targets.get(target['Type'])
            if allowed_ids is not None:
                assert target['TargetId'] in allowed_ids

    # A second Org object must dump identically; presumably this load is
    # served from the cache file written above -- confirm against Org.load().
    org_from_cache = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
    org_from_cache.load()
    assert org.dump() == org_from_cache.dump()
    org.clear_cache()
def test_load_org():
    """Check that ``MockOrganization._load_org`` parses the simple spec and sets ids."""
    mock_org = MockOrganization()
    mock_org._load_org(SIMPLE_ORG_SPEC)

    parsed_spec = mock_org.spec
    assert isinstance(parsed_spec, dict)
    # The fixture is parsed with yaml.safe_load here; the spec held by the
    # mock must equal that result.
    assert parsed_spec == yaml.safe_load(SIMPLE_ORG_SPEC)

    for identifier in (mock_org.org_id, mock_org.root_id):
        assert isinstance(identifier, str)
def test_ou_gen():
    """Create one OU under the root with ``_ou_gen`` and read it back by id."""
    mock_org = MockOrganization()
    mock_org._load_org(SIMPLE_ORG_SPEC)

    ou_spec = {'name': 'mock_ou'}
    new_ou_id = mock_org._ou_gen(ou_spec, mock_org.root_id)
    assert isinstance(new_ou_id, str)

    # The returned id must resolve to an OU carrying the requested name.
    described = mock_org.client.describe_organizational_unit(
        OrganizationalUnitId=new_ou_id,
    )
    assert described['OrganizationalUnit']['Name'] == ou_spec['name']
def test_complex_build():
    """Build the complex mock organization and check the resulting object counts."""
    mock_org = MockOrganization()
    mock_org.complex()
    assert mock_org.spec == yaml.safe_load(COMPLEX_ORG_SPEC)

    all_accounts = mock_org.client.list_accounts()['Accounts']
    assert len(all_accounts) == 13

    service_control_policies = mock_org.client.list_policies(
        Filter='SERVICE_CONTROL_POLICY',
    )['Policies']
    assert len(service_control_policies) == 6

    # Only the OUs directly under the root are counted here.
    top_level_ous = mock_org.client.list_organizational_units_for_parent(
        ParentId=mock_org.root_id,
    )['OrganizationalUnits']
    assert len(top_level_ous) == 2
def test_get_or_update_accounts():
    """Exercise ``Crawler.update_accounts`` with valid and invalid selectors.

    Accepted forms seen here: a single account name, a list of names, the
    literal ``'ALL'``, an empty list and ``None``. An empty string, an int
    and a dict must raise ``ValueError``.
    """
    MockOrganization().complex()
    org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
    org.load()
    crawler = crawlers.Crawler(org)
    assert crawler.get_accounts() == crawler.accounts

    # Single name.
    crawler.update_accounts('account01')
    assert len(crawler.accounts) == 1
    selected = crawler.accounts[0]
    assert isinstance(selected, orgs.OrgAccount)
    assert selected.name == 'account01'

    # List of names; order of the selection is asserted too.
    crawler.update_accounts(['account01', 'account02'])
    assert len(crawler.accounts) == 2
    for position, expected_name in enumerate(('account01', 'account02')):
        assert isinstance(crawler.accounts[position], orgs.OrgAccount)
        assert crawler.accounts[position].name == expected_name

    # 'ALL' selects every account of the organization.
    crawler.update_accounts('ALL')
    assert crawler.accounts == crawler.org.accounts

    # Empty selections leave the crawler with no accounts.
    crawler.update_accounts([])
    assert len(crawler.accounts) == 0
    crawler.update_accounts(None)
    assert len(crawler.accounts) == 0
    # Repeated call kept from the original; it carries no assertion of its own.
    crawler.update_accounts(None)

    # Selectors of an unsupported shape are rejected rather than ignored.
    for bad_selector in ('', 1234, dict()):
        with pytest.raises(ValueError):
            crawler.update_accounts(bad_selector)
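def test_org_cache():
    """Exercise the on-disk org cache: save, clear, missing, stale and reload.

    The cache file is written, cleared, reported as missing, reported as too
    old once its mtime is pushed back by an hour, and finally read back and
    loaded into a second ``Org`` whose dump must match the first. The cache is
    cleared at the end so the file written here is not left on disk for
    whatever runs next.
    """
    MockOrganization().simple()
    org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
    org._load_client()
    org._load_org()
    org._load_accounts()
    org._load_org_units()

    # Save then clear: both the cache file and its directory must be gone.
    org._save_cached_org_to_file()
    assert os.path.exists(org._cache_file)
    org.clear_cache()
    assert not os.path.exists(org._cache_file)
    assert not os.path.exists(org._cache_dir)

    # Reading a missing cache is an error, not an empty result. The message is
    # checked after the ``with`` block, since nothing following the raising
    # call inside it would run.
    with pytest.raises(RuntimeError) as e:
        org._get_cached_org_from_file()
    assert str(e.value) == 'Cache file not found'

    # Backdate the file by 3600 seconds; a cache that old must be refused.
    org._save_cached_org_to_file()
    timestamp = os.path.getmtime(org._cache_file) - 3600
    os.utime(org._cache_file, (timestamp, timestamp))
    with pytest.raises(RuntimeError) as e:
        org._get_cached_org_from_file()
    assert str(e.value) == 'Cache file too old'

    # A fresh cache file returns exactly what dump() produces.
    org._save_cached_org_to_file()
    org_dump = org.dump()
    loaded_dump = org._get_cached_org_from_file()
    assert loaded_dump == org_dump

    # Loading that dump into a new Org reproduces the same state.
    org_from_cache = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
    org_from_cache._load_org_dump(loaded_dump)
    assert org.dump() == org_from_cache.dump()

    # Remove the cache written above, as the other cache-using tests do.
    org.clear_cache()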
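def test_list_accounts_by_name_or_id():
    """Check ``list_accounts_by_name`` and ``list_accounts_by_id`` on the simple org.

    Names are compared independently of order on both sides, and each id must
    consist of exactly twelve digits.
    """
    mock_org = MockOrganization()
    mock_org.simple()
    org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
    org.load()
    mock_accounts = mock_org.spec['root'][0]['accounts']

    response = org.list_accounts_by_name()
    assert isinstance(response, list)
    assert len(response) == 3
    # Sort both sides so the check does not depend on the order of the spec.
    assert sorted(response) == sorted(a['name'] for a in mock_accounts)

    response = org.list_accounts_by_id()
    assert isinstance(response, list)
    assert len(response) == 3
    account_id_pattern = re.compile(r'[0-9]{12}')
    for account_id in response:
        # fullmatch: match() anchors only the start and would accept an id
        # with extra characters after the first twelve digits.
        assert account_id_pattern.fullmatch(account_id)
    org.clear_cache()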
def test_setup_crawler():
    """Check ``setup_crawler`` defaults, explicit arguments and argument validation."""
    # Clear any cache first; the id and role passed to Org are placeholders.
    Org('no_id', 'no_role').clear_cache()
    MockOrganization().simple()

    # Defaults: only the org access role is given.
    crawler = setup_crawler(ORG_ACCESS_ROLE)
    assert isinstance(crawler, crawlers.Crawler)
    assert len(crawler.org.accounts) == 3
    assert len(crawler.org.org_units) == 6
    # Only the presence of the three credential fields is checked; their
    # values are never compared or printed.
    credential_fields = (
        'aws_access_key_id',
        'aws_secret_access_key',
        'aws_session_token',
    )
    for account in crawler.accounts:
        for field in credential_fields:
            assert field in account.credentials

    # Explicit account role, account subset and region subset.
    crawler = setup_crawler(
        ORG_ACCESS_ROLE,
        'account_role',
        ['account02', 'account03'],
        ['us-west-2', 'us-east-1'],
    )
    assert crawler.access_role == 'account_role'
    assert len(crawler.accounts) == 2
    assert len(crawler.regions) == 2
    assert {a.name for a in crawler.accounts} == {'account02', 'account03'}
    assert set(crawler.regions) == {'us-west-2', 'us-east-1'}

    # The org access role is required; unknown accounts or regions are rejected.
    with pytest.raises(TypeError):
        setup_crawler()
    with pytest.raises(ValueError):
        setup_crawler(ORG_ACCESS_ROLE, accounts='bogus_01')
    with pytest.raises(ValueError):
        setup_crawler(ORG_ACCESS_ROLE, regions='bogus_01')
def test_orgcrawler_success(options_list):
    """Invoke the orgcrawler CLI with *options_list* and expect exit code 0."""
    MockOrganization().simple()
    cli_result = CliRunner().invoke(orgcrawler.main, options_list)
    assert cli_result.exit_code == 0
def test_orgquery_failure(options_list):
    """Invoke the orgquery CLI with *options_list* and expect a non-zero exit code."""
    MockOrganization().simple()
    cli_result = CliRunner().invoke(orgquery.main, options_list)
    # Any non-zero code counts as failure; the exact value is not checked.
    assert cli_result.exit_code != 0
def test_get_policy_id_by_name():
    """Resolve a policy name to its id; an unknown name yields ``None``."""
    MockOrganization().complex()
    org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
    org.load()

    resolved_id = org.get_policy_id_by_name('policy01')
    assert isinstance(resolved_id, str)
    # The id must agree with the policy object looked up by the same name.
    assert resolved_id == org.get_policy('policy01').id

    assert org.get_policy_id_by_name('BLEE') is None
    org.clear_cache()
def test_load_org_units():
    """Run the loader steps up to ``_load_org_units`` and check count and type."""
    MockOrganization().simple()
    org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
    # The private loaders are called one by one, without going through load().
    org._load_client()
    org._load_org()
    org._load_org_units()

    loaded_units = org.org_units
    assert len(loaded_units) == 6
    for unit in loaded_units:
        assert isinstance(unit, orgs.OrganizationalUnit)
def test_load_policies():
    """Run the loader steps up to ``_load_policies`` and check count and type."""
    MockOrganization().simple()
    org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
    # The private loaders are called one by one, without going through load().
    org._load_client()
    org._load_org()
    org._load_policies()

    loaded_policies = org.policies
    assert len(loaded_policies) == 3
    for entry in loaded_policies:
        assert isinstance(entry, orgs.OrgPolicy)
def test_load_accounts():
    """Run the loader steps up to ``_load_accounts`` and check the first account."""
    MockOrganization().simple()
    org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
    # The private loaders are called one by one, without going through load().
    org._load_client()
    org._load_org()
    org._load_accounts()

    assert len(org.accounts) == 3
    first_account = org.accounts[0]
    assert isinstance(first_account, orgs.OrgAccount)
    # In the simple org the first account is expected directly under the root.
    assert first_account.parent_id == org.root_id
def test_list_policies_by_name():
    """List policy names of the complex org: six names, all starting with 'policy'."""
    MockOrganization().complex()
    org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
    org.load()

    policy_names = org.list_policies_by_name()
    # Printed for inspection in captured test output.
    print(policy_names)
    assert len(policy_names) == 6
    for policy_name in policy_names:
        assert policy_name.startswith('policy')
    org.clear_cache()
def test_get_org_unit_id():
    """``get_org_unit_id`` accepts an OU object, an OU id or an OU name."""
    MockOrganization().simple()
    org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
    org.load()

    first_ou = org.org_units[0]
    # All three identifier forms must resolve to the same id.
    for identifier in (first_ou, first_ou.id, first_ou.name):
        assert first_ou.id == org.get_org_unit_id(identifier)

    # An unknown identifier yields None rather than an exception.
    assert org.get_org_unit_id('Blee') is None
    org.clear_cache()
def test_get_account():
    """``get_account`` resolves a name to an ``OrgAccount`` and accepts the object itself."""
    MockOrganization().simple()
    org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
    org.load()

    found = org.get_account('account01')
    assert isinstance(found, orgs.OrgAccount)
    # Passing the account object back in must return an equal account.
    assert org.get_account(found) == found
    assert found.name == 'account01'
    assert found.id == org.get_account_id_by_name('account01')
    org.clear_cache()
def test_get_account_id_by_name():
    """Compare ``get_account_id_by_name`` with the id reported by the boto client."""
    MockOrganization().simple()
    org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
    org.load()

    account_id = org.get_account_id_by_name('account01')

    # Find the same account through the client; None if it is not listed.
    expected_id = None
    for listed in org.client.list_accounts()['Accounts']:
        if listed['Name'] == 'account01':
            expected_id = listed['Id']
            break

    assert account_id == expected_id
    org.clear_cache()
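def test_dump_accounts():
    """Check the shape and content of ``Org.dump_accounts`` for the simple org.

    Each dumped record must name the master account and organization, carry a
    known account name, an id of exactly twelve digits, the root as parent, the
    derived e-mail address, and empty ``aliases`` and ``credentials``.
    """
    mock_org = MockOrganization()
    mock_org.simple()
    org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
    org.load()

    response = org.dump_accounts()
    assert isinstance(response, list)
    assert len(response) == 3

    mock_accounts = mock_org.spec['root'][0]['accounts']
    # Built once, not once per dumped record.
    expected_names = [a['name'] for a in mock_accounts]
    account_id_pattern = re.compile(r'[0-9]{12}')
    for account in response:
        assert account['master_account_id'] == MASTER_ACCOUNT_ID
        assert account['organization_id'] == org.id
        assert account['name'] in expected_names
        # fullmatch: match() anchors only the start and would accept an id
        # with extra characters after the first twelve digits.
        assert account_id_pattern.fullmatch(account['id'])
        assert account['parent_id'] == org.root_id
        assert account['email'] == account['name'] + '@example.com'
        assert len(account['aliases']) == 0
        # No credentials are loaded in this test, so the dump must not show any.
        # NOTE(review): confirm dump_accounts() never serializes credentials
        # once they are loaded.
        assert len(account['credentials']) == 0
    org.clear_cache()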
def test_load_account_credentials():
    """Load credentials for every crawler account of the complex org."""
    MockOrganization().complex()
    org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
    org.load()
    crawler = crawlers.Crawler(org)
    crawler.load_account_credentials()

    crawler_accounts = crawler.accounts
    assert isinstance(crawler_accounts, list)
    assert len(crawler_accounts) == len(org.accounts)
    # Only the container type is checked; credential values are never inspected.
    for entry in crawler_accounts:
        assert isinstance(entry.credentials, dict)
def test_get_policy_name_by_id():
    """Resolve a policy id back to its name; an unknown id yields ``None``."""
    MockOrganization().complex()
    org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
    org.load()

    # Take the id from the name lookup, then go back from id to name.
    known_id = org.get_policy_id_by_name('policy01')
    resolved_name = org.get_policy_name_by_id(known_id)
    assert isinstance(resolved_name, str)
    assert resolved_name == 'policy01'

    assert org.get_policy_name_by_id('BLEE') is None
    org.clear_cache()
def test_crawler_response_init():
    """Check the initial state of a freshly constructed ``CrawlerResponse``."""
    MockOrganization().simple()
    org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
    org.load()

    fresh = crawlers.CrawlerResponse('us-east-1', org.accounts[0])
    assert fresh.region == 'us-east-1'
    assert isinstance(fresh.account, orgs.OrgAccount)
    # No payload has run yet, so there is no output.
    assert fresh.payload_output is None
    assert isinstance(fresh.timer, crawlers.CrawlerTimer)
    assert isinstance(fresh.dump(), dict)
def test_list_policies_by_id():
    """List policy ids of the complex org: six ids, each starting with the expected shape."""
    MockOrganization().complex()
    org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
    org.load()

    policy_ids = org.list_policies_by_id()
    # Printed for inspection in captured test output.
    print(policy_ids)
    assert len(policy_ids) == 6

    # match() anchors at the start only, so this checks the 'p-' prefix and
    # the first eight characters, not the total length.
    id_prefix_pattern = re.compile(r'p-[a-z0-9]{8}')
    for candidate in policy_ids:
        assert id_prefix_pattern.match(candidate)
    org.clear_cache()
def test_crawler_execution_init():
    """Check the initial state of a freshly constructed ``CrawlerExecution``."""
    MockOrganization().simple()
    # The org is loaded as in the original test, although the execution object
    # below is built from the payload function alone.
    org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
    org.load()

    fresh = crawlers.CrawlerExecution(get_mock_account_alias)
    assert isfunction(fresh.payload)
    # The execution takes its name from the payload function.
    assert fresh.name == 'get_mock_account_alias'
    assert fresh.responses == []
    assert isinstance(fresh.timer, crawlers.CrawlerTimer)
    assert isinstance(fresh.dump(), dict)
def test_format_responses():
    """Format the responses of a crawler execution and check each entry's keys."""
    MockOrganization().simple()
    crawler = setup_crawler(ORG_ACCESS_ROLE)

    # The payload is executed twice, as in the original; only the second
    # execution is formatted. NOTE(review): confirm the first run is intended.
    crawler.execute(payload.get_mock_account_alias)
    second_run = crawler.execute(payload.get_mock_account_alias)

    formatted = format_responses(second_run)
    # Printed for inspection in captured test output.
    print(yamlfmt(formatted))
    assert isinstance(formatted, list)
    for entry in formatted:
        for required_key in ('Account', 'Regions'):
            assert required_key in entry
def test_list_org_units_in_ou_recursive():
    """List OUs recursively from the root and from a named OU of the complex org."""
    MockOrganization().complex()
    org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
    org.load()

    # From the root: six OUs, each an OrganizationalUnit with an 'ou-' id.
    below_root = org.list_org_units_in_ou_recursive(org.root_id)
    assert len(below_root) == 6
    for unit in below_root:
        assert isinstance(unit, orgs.OrganizationalUnit)
        assert unit.id.startswith('ou-')

    # The starting OU can also be given by name.
    below_ou02 = org.list_org_units_in_ou_recursive('ou02')
    assert len(below_ou02) == 2
    org.clear_cache()
def test_list_hosted_zones():
    """Create a hosted zone through boto3 and read it back via ``route53.list_hosted_zones``."""
    MockOrganization().simple()
    crawler = setup_crawler(ORG_ACCESS_ROLE)
    target_account = crawler.accounts[0]
    target_region = crawler.regions[0]

    # The client is built from the crawler account's own credentials dict;
    # no credential is written out in this test.
    route53_client = boto3.client(
        'route53',
        region_name=target_region,
        **target_account.credentials,
    )
    route53_client.create_hosted_zone(
        Name='test_zone.example.com',
        CallerReference='a_unique_string',
    )

    listing = route53.list_hosted_zones(target_region, target_account)
    # The zone is created without a trailing dot and reported back with one.
    assert listing['HostedZones'][0]['Name'] == 'test_zone.example.com.'
def test_account_gen():
    """Create one account under the root with ``_account_gen`` and find it by name."""
    mock_org = MockOrganization()
    mock_org._load_org(SIMPLE_ORG_SPEC)

    account_spec = {'name': 'mock_account', 'policies': ['p1', 'p2']}
    mock_org._account_gen(account_spec, mock_org.root_id)
    # Both policies named in the spec must end up in the mock's policy list.
    assert len(mock_org.policy_list) == 2

    root_accounts = mock_org.client.list_accounts_for_parent(
        ParentId=mock_org.root_id,
    )['Accounts']
    # At least one account under the root carries the requested name.
    assert any(entry['Name'] == account_spec['name'] for entry in root_accounts)
def test_get_policy_id():
    """``get_policy_id`` accepts a policy name, a policy id or a policy object."""
    MockOrganization().complex()
    org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
    org.load()

    resolved_id = org.get_policy_id('policy01')
    assert isinstance(resolved_id, str)
    # match() anchors at the start only: prefix 'p-' plus eight characters.
    assert re.match(r'p-[a-z0-9]{8}', resolved_id)

    # The id resolves to itself and agrees with the other lookup paths.
    assert resolved_id == org.get_policy_id(resolved_id)
    assert resolved_id == org.get_policy('policy01').id
    assert resolved_id == org.get_policy_id_by_name('policy01')

    policy_object = org.get_policy('policy01')
    assert resolved_id == org.get_policy_id(policy_object)

    # An unknown identifier yields None rather than an exception.
    assert org.get_policy_id('Blee') is None
    org.clear_cache()
def test_get_or_update_regions():
    """Exercise ``Crawler.update_regions`` with 'GLOBAL', service regions and all regions."""
    MockOrganization().complex()
    org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
    org.load()
    crawler = crawlers.Crawler(org)

    # A new crawler starts with every region.
    assert crawler.get_regions() == ALL_REGIONS

    # 'GLOBAL' collapses the selection to the single default region.
    crawler.update_regions('GLOBAL')
    assert crawler.get_regions() == [crawlers.DEFAULT_REGION]

    # The region list of 'iam' gives the same single default region.
    iam_regions = utils.regions_for_service('iam')
    crawler.update_regions(iam_regions)
    assert crawler.get_regions() == [crawlers.DEFAULT_REGION]

    # An explicit full list restores every region.
    crawler.update_regions(ALL_REGIONS)
    assert crawler.get_regions() == ALL_REGIONS

    # The region list of 'cloud9' is taken over as given.
    cloud9_regions = utils.regions_for_service('cloud9')
    crawler.update_regions(cloud9_regions)
    assert crawler.get_regions() == utils.regions_for_service('cloud9')