def test_get_membership_aws_account_error_call_get_role(self):
cause_error = PmError
cause_error.response = copy.deepcopy(DataCommon.ERROR_RESPONSE)
expected_status_member = status_member['Disable']
# mock error call function get_role
with patch('premembers.common.IAMUtils.get_role') as mock_method:
mock_method.side_effect = PmError(cause_error=cause_error,
message=copy.deepcopy(
DataCommon.OPERATION_NAME))
with patch.object(PmLogAdapter, 'warning',
return_value=None) as mock_method_warning:
actual_response = IAMUtils.get_membership_aws_account(
trace_id, session, aws_account)
# check response
self.assertEqual(expected_status_member, actual_response)
# check message log warning
mock_method_warning.assert_any_call("[%s] IAMロール「%s」の取得に失敗しました。",
aws_account, cm_members_role_name)
def test_get_membership_aws_account_error_connect_iam(self):
expected_error_response = copy.deepcopy(DataCommon.ERROR_RESPONSE)
expected_operation_name = copy.deepcopy(DataCommon.OPERATION_NAME)
expected_status_member = status_member['Disable']
# mock error client
with patch.object(session, 'client') as mock_method:
mock_method.side_effect = ClientError(
error_response=expected_error_response,
operation_name=expected_operation_name)
with patch.object(PmLogAdapter, 'error',
return_value=None) as mock_method_error:
actual_response = IAMUtils.get_membership_aws_account(
trace_id, session, aws_account)
# check response
self.assertEqual(expected_status_member, actual_response)
# check message log error
mock_method_error.assert_any_call("[%s] IAMクライアント作成に失敗しました。",
aws_account)
def test_get_membership_aws_account_error_no_such_entity(self):
cause_error = PmError
expected_error_response = copy.deepcopy(DataCommon.ERROR_RESPONSE)
expected_operation_name = copy.deepcopy(DataCommon.OPERATION_NAME)
expected_error_response['Error']['Code'] = "NoSuchEntity"
cause_error.response = expected_error_response
expected_status_member = status_member['Disable']
# mock error no such entity call function get_role
with patch('premembers.common.IAMUtils.get_role') as mock_method:
mock_method.side_effect = PmError(cause_error=cause_error,
message=expected_operation_name)
with patch.object(PmLogAdapter, 'info',
return_value=None) as mock_method_info:
actual_response = IAMUtils.get_membership_aws_account(
trace_id, session, aws_account)
# check response
self.assertEqual(expected_status_member, actual_response)
# check message log info
mock_method_info.assert_any_call("[%s] IAMロール「%s」が存在しません。",
aws_account, cm_members_role_name)
def test_get_membership_aws_account_success(self):
role_data = copy.deepcopy(DataTestIAM.DATA_ROLE)
expected_status_member = status_member['Enable']
# mock client
with patch.object(session, 'client') as mock_method_client:
# mock response function get_role
with patch('premembers.common.IAMUtils.get_role') as mock_method:
mock_method.return_value = role_data
with patch.object(PmLogAdapter, 'info',
return_value=None) as mock_method_info:
actual_response = IAMUtils.get_membership_aws_account(
trace_id, session, aws_account)
# check response
self.assertEqual(expected_status_member, actual_response)
# check message log info
mock_method_info.assert_any_call("[%s] IAMロール「%s」が存在します。", aws_account,
cm_members_role_name)
# check connect client
mock_method_client.assert_any_call(service_name="iam")
def update_awscoop(trace_id, project_id, organization_id, coop_id, data_body):
pm_logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
# Parse JSON
try:
body_object = json.loads(data_body)
aws_account = body_object["awsAccount"]
role_name = body_object["roleName"]
description = body_object["description"]
aws_account_name = body_object['awsAccountName']
except Exception as e:
return common_utils.error_exception(MsgConst.ERR_REQUEST_202,
HTTPStatus.BAD_REQUEST, e,
pm_logger, True)
# Validate
list_error = validate_update_awscoop(aws_account, role_name)
if list_error:
return common_utils.error_validate(MsgConst.ERR_REQUEST_201,
HTTPStatus.UNPROCESSABLE_ENTITY,
list_error, pm_logger)
# Get data AWSアカウント連携
try:
awscoops_item = pm_awsAccountCoops.get_awscoops_update(
trace_id, coop_id, project_id, organization_id)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
# 組織情報を取得します。
if awscoops_item is None:
return common_utils.error_common(MsgConst.ERR_301,
HTTPStatus.NOT_FOUND, pm_logger)
# ロールのアクセス確認
if common_utils.is_null(description):
description = None
if common_utils.is_null(aws_account_name):
aws_account_name = None
external_id = awscoops_item['ExternalID']
effective = Effective.Disable.value
members = None
if (checkaccess.check_access_to_aws(trace_id, aws_account, role_name,
external_id)):
effective = Effective.Enable.value
# IAMクライアントを用いて、IAMロールcm-membersportalを取得します。
try:
session = aws_common.create_session_client(trace_id, aws_account,
role_name, external_id)
members = IAMUtils.get_membership_aws_account(
trace_id, session, aws_account)
except PmError as e:
common_utils.write_log_pm_error(e, pm_logger, exc_info=True)
# update project
attribute = {
'AWSAccount': {
"Value": aws_account
},
'RoleName': {
"Value": role_name
},
'Description': {
"Value": description
},
'Effective': {
"Value": effective
},
'AWSAccountName': {
"Value": aws_account_name
}
}
if (members is not None):
attribute['Members'] = {"Value": members}
updated_at = awscoops_item['UpdatedAt']
try:
pm_awsAccountCoops.update_awscoops(trace_id, coop_id, attribute,
updated_at)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_DB_403,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
# Get data response
try:
awscoops_item = pm_awsAccountCoops.query_awscoop_coop_key(
trace_id, coop_id, convert_response=True)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
# return data response
response = common_utils.get_response_by_response_body(
HTTPStatus.OK, awscoops_item)
return common_utils.response(response, pm_logger)