def wrapper(*args, **kwargs): # wrapper function
for field in self.fields.split(
','): # split value provided by comma
if field == 'region':
kwargs[field] = STS().current_region_name()
if field == 'account_id':
kwargs[field] = STS().current_account_id()
return function(*args, **kwargs)
def setUp(self):
self.aws_config = AWS_Config()
self.lambda_ = Lambda()
self.s3 = S3()
self.sts = STS()
self.expected_account_id = '785217600689'
self.expected_region = 'eu-west-1'
self.expected_s3_prefix = 'lambdas'
self.expected_role_name = None
self.expected_s3_bucket = f'{self.expected_account_id}-osbot-{self.expected_s3_prefix}'
self.expected_module = 'osbot_aws.lambdas.dev.hello_world'
self.function_name = 'osbot_aws_lambdas_dev_hello_world'
self.lambda_handler = run
def setup_test_enviroment__API_Gateway(
cls): # todo: refactor into separate class
STS().check_current_session_credentials()
api_gateway = API_Gateway()
result = api_gateway.rest_api_create(cls.test_api_name)
cls.test_api_id = result['id']
assert api_gateway.rest_api_exists(cls.test_api_id)
cls.test_iam_role = IAM_Role_With_Policy()
cls.test_iam_policy_arn = cls.test_iam_role.create_api_gateway__cloudwatch_allow_all(
).get('policies_arns').pop()
assert cls.test_iam_role.exists()
def client(
self,
service_name,
profile_name=None,
region_name=None,
check_credentials=False
): # todo: find better way to do these checks in tests (since doing it here adds quite a bit of overhead
client = self.client_boto3(service_name, profile_name,
region_name).get('client')
if check_credentials:
STS().check_current_session_credentials()
return client
def setUpClass(cls) -> None:
STS().check_current_session_credentials()
cls.cluster_name = 'test_ECS_Fargate_Task-hello-world'
cls.image_name = 'hello-world'
cls.fargate_task = ECS_Fargate_Task(cluster_name=cls.cluster_name,
image_name=cls.image_name)
cls.cluster_arn = cls.fargate_task.cluster_arn()
cls.fargate_task.setup()
cls.task_definition_arn = cls.fargate_task.task_definition_arn()
cls.fargate_task.create()
def test_security_group_authorize_ingress(self):
security_group_name = 'SSH-ONLY'
description = 'only allow SSH traffic'
port = 22
account_id = STS().current_account_id()
with Temp_VPC() as temp_vpc:
vpc_id = temp_vpc.vpc_id
security_group_id = self.ec2.security_group_create(
security_group_name=security_group_name,
description=description,
vpc_id=vpc_id).get('data').get('security_group_id')
self.ec2.security_group_authorize_ingress(
security_group_id=security_group_id, port=port)
security_group = self.ec2.security_group(security_group_id)
assert security_group == {
'Description':
description,
'GroupId':
security_group_id,
'GroupName':
security_group_name,
'IpPermissions': [{
'FromPort': port,
'IpProtocol': 'tcp',
'IpRanges': [{
'CidrIp': '0.0.0.0/0'
}],
'Ipv6Ranges': [],
'PrefixListIds': [],
'ToPort': port,
'UserIdGroupPairs': []
}],
'IpPermissionsEgress': [{
'IpProtocol': '-1',
'IpRanges': [{
'CidrIp': '0.0.0.0/0'
}],
'Ipv6Ranges': [],
'PrefixListIds': [],
'UserIdGroupPairs': []
}],
'OwnerId':
account_id,
'VpcId':
vpc_id
}
assert self.ec2.security_group_delete(security_group_id) is True
def setUpClass(cls) -> None:
STS().check_current_session_credentials()
cls.ecs = ECS()
cls.logs = Cloud_Watch_Logs()
cls.account_id = cls.ecs.account_id
cls.region = cls.ecs.region
cls.cluster_name = 'test_ecs_cluster_2'
cls.task_family = 'test_task_create'
cls.cluster_arn = cls.ecs.cluster_arn(cls.cluster_name)
#create test cluster
cls.cluster = cls.ecs.cluster_create(cls.cluster_name)
assert cls.cluster.get('clusterArn') == cls.cluster_arn
assert cls.cluster.get('clusterName') == cls.cluster_name
assert cls.cluster.get('runningTasksCount') == 0
assert cls.cluster_arn in cls.ecs.clusters_arns()
assert cls.ecs.cluster_exists(cluster_arn=cls.cluster_arn) is True
def setup_test_environment__Deploy_Lambda(
cls): # todo: refactor into separate class
STS().check_current_session_credentials()
cls.lambda_name = "osbot_test_deploy_lambda"
cls.lambda_code = Temp_Folder_With_Lambda_File(cls.lambda_name)
cls.code_folder = cls.lambda_code.folder
lambda_file = cls.lambda_code.tmp_file
module_folder = path_combine(cls.code_folder,
"osbot_test_deploy_lambda")
lambda_in_module = path_combine(module_folder, file_name(lambda_file))
folder_create(module_folder)
file_copy(lambda_file,
lambda_in_module) # todo add a file_move to OSBot_Utils
file_delete(lambda_file)
file_create(path_combine(module_folder, '__init__.py'), "")
sys.path.append(cls.code_folder)
cls.lambda_module = importlib.import_module(
"osbot_test_deploy_lambda.osbot_test_deploy_lambda")
cls.lambda_function = cls.lambda_module.run
def test_role_create_assume_role(self):
sts = STS()
current_user_arn = sts.caller_identity_arn()
original_policy = {'Statement': [ { 'Action' : 'sts:AssumeRole',
'Effect' : 'Allow',
'Principal': { 'Service': 'codebuild.amazonaws.com'}}]}
new_policy = {'Statement': [{'Action' : 'sts:AssumeRole',
'Effect' : 'Allow',
'Principal': {'AWS': current_user_arn } }]}
test_role = IAM(role_name="temp_role_to_test_assume_role")
test_role.role_create(original_policy)
role_arn = test_role.role_arn()
current_assume_policy = test_role.role_assume_policy()
test_role.role_assume_policy_update(new_policy)
for i in range(0,15):
with Catch(log_exception=False):
sts.assume_role(role_arn=role_arn)
sts.assume_role(role_arn=role_arn)
sts.assume_role(role_arn=role_arn)
sts.assume_role(role_arn=role_arn)
sts.assume_role(role_arn=role_arn)
sts.assume_role(role_arn=role_arn)
sts.assume_role(role_arn=role_arn)
sts.assume_role(role_arn=role_arn)
pprint('got credentials')
break
print(f'after {i} seconds')
wait(1)
assert sts.assume_role(role_arn=role_arn).get('Credentials') is not None
test_role.role_assume_policy_update(current_assume_policy)
assert test_role.role_assume_policy() == current_assume_policy
test_role.role_delete()
def setUp(self) -> None:
STS().check_current_session_credentials()
self.handler = run
self.deploy = Deploy_Lambda(self.handler)
self.lambda_name = self.deploy.lambda_name()
def sts(self):
return STS()
class test_Check_Lambda_Deploy_Permissions(TestCase):
def setUp(self):
self.aws_config = AWS_Config()
self.lambda_ = Lambda()
self.s3 = S3()
self.sts = STS()
self.expected_account_id = '785217600689'
self.expected_region = 'eu-west-1'
self.expected_s3_prefix = 'lambdas'
self.expected_role_name = None
self.expected_s3_bucket = f'{self.expected_account_id}-osbot-{self.expected_s3_prefix}'
self.expected_module = 'osbot_aws.lambdas.dev.hello_world'
self.function_name = 'osbot_aws_lambdas_dev_hello_world'
self.lambda_handler = run
def test_aws_config(self):
assert self.aws_config.aws_session_account_id(
) == self.expected_account_id
assert self.aws_config.aws_session_region_name(
) == self.expected_region
assert self.aws_config.lambda_role_name() == self.expected_role_name
assert self.aws_config.lambda_s3_folder_lambdas(
) == self.expected_s3_prefix
assert self.aws_config.lambda_s3_bucket() == self.expected_s3_bucket
def test_check_sts_credentials(self):
assert self.sts.caller_identity_account() == '785217600689'
assert self.sts.check_current_session_credentials() is True
assert self.sts.current_region_name() == self.expected_region
def test_s3_read_access(self):
expected_file = 'lambdas/k8_live_servers.lambdas.screenshot.zip'
buckets = self.s3.buckets()
files_in_bucket = self.s3.find_files(self.expected_s3_bucket,
self.expected_s3_prefix)
assert len(buckets) > 0
assert self.expected_s3_bucket in buckets
assert len(files_in_bucket) > 0
assert expected_file in files_in_bucket
def test_s3_write_access(self):
temp_contents = random_string(length=1024)
temp_file_name = f"{random_string()}_temp_file.txt"
bucket = self.expected_s3_bucket
temp_s3_key = f'{self.expected_s3_prefix}/{temp_file_name}'
assert self.s3.file_exists(bucket=bucket, key=temp_s3_key) is False
self.s3.file_create_from_string(file_contents=temp_contents,
bucket=bucket,
key=temp_s3_key)
assert self.s3.file_delete(bucket=bucket, key=temp_s3_key) is True
assert self.s3.file_exists(bucket=bucket, key=temp_s3_key) is False
def test_lambda_upload_file(self):
deploy_lambda = Deploy_Lambda(self.lambda_handler)
package = deploy_lambda.package
aws_lambda = package.aws_lambda
deploy_lambda.add_function_source_code()
assert run.__module__ == self.expected_module
assert run.__name__ == 'run'
assert '/osbot_aws/lambdas/dev/hello_world.py' in package.get_files()
assert len(files_list(aws_lambda.folder_code)) == len(
package.get_files())
assert file_exists(
path_combine(aws_lambda.folder_code,
'osbot_aws/lambdas/dev/hello_world.py'))
assert aws_lambda.s3_bucket == f'{self.expected_account_id}-osbot-lambdas'
assert aws_lambda.s3_key == f'lambdas/{self.expected_module}.zip'
assert self.s3.file_exists(bucket=aws_lambda.s3_bucket,
key=aws_lambda.s3_key) is True
assert self.s3.file_delete(bucket=aws_lambda.s3_bucket,
key=aws_lambda.s3_key) is True
assert self.s3.file_exists(bucket=aws_lambda.s3_bucket,
key=aws_lambda.s3_key) is False
self.s3.folder_upload(folder=aws_lambda.folder_code,
s3_bucket=aws_lambda.s3_bucket,
s3_key=aws_lambda.s3_key)
assert self.s3.file_exists(bucket=aws_lambda.s3_bucket,
key=aws_lambda.s3_key) is True
def test_lambda_create_manually(self):
deploy_lambda = Deploy_Lambda(self.lambda_handler)
aws_lambda = deploy_lambda.package.aws_lambda
function_arn = f'arn:aws:lambda:{self.expected_region}:{self.expected_account_id}:function:{self.function_name}'
aws_lambda.delete()
assert aws_lambda.exists() is False
result = aws_lambda.create()
data = result.get('data')
assert aws_lambda.exists() is True
assert result.get('status') == 'ok'
assert result.get('name') == self.function_name
assert result.get('status') == 'ok'
assert data.get('CodeSize') > 80000
assert data.get('FunctionArn') == function_arn
assert data.get('Handler') == f'{self.expected_module}.run'
assert data.get('LastUpdateStatus') == 'Successful'
assert data.get('MemorySize') == 10240
assert data.get('PackageType') == 'Zip'
assert aws_lambda.invoke() == 'From lambda code, hello None'
assert aws_lambda.delete()
assert aws_lambda.invoke() == {
'error':
'An error occurred (ResourceNotFoundException) when calling the '
'Invoke operation: Function not found: '
f'{function_arn}'
}
def test_lambda_create_using_deploy(self):
deploy_lambda = Deploy_Lambda(self.lambda_handler)
aws_lambda = deploy_lambda.package.aws_lambda
aws_lambda.delete()
assert aws_lambda.exists() is False
assert deploy_lambda.deploy() is True
assert aws_lambda.exists() is True
assert aws_lambda.invoke() == 'From lambda code, hello None'
assert aws_lambda.delete() is True
def test_user_privs(self):
user_name = 'AlekhAnejaUpwork'
access_key_id = 'AKIA3NUU5XSYZRQYXMP2'
iam_user = IAM(user_name=user_name)
assert iam_user.user_exists()
assert list_set(iam_user.user_access_keys(index_by='AccessKeyId')) == [
access_key_id
]
pprint(iam_user.user_polices())
def setUp(self) -> None:
self.sts = STS()
class test_STS(TestCase):
def setUp(self) -> None:
self.sts = STS()
def test_check_current_session_credentials(self):
self.sts.check_current_session_credentials()
def account_id(self):
return STS().current_account_id()