def test_create_fails_when_account_not_verified(self): """Test that an account is not saved if verification fails.""" aws_account_id = util_helper.generate_dummy_aws_account_id() arn = util_helper.generate_dummy_arn(aws_account_id) role = util_helper.generate_dummy_role() validated_data = { 'account_arn': arn, } mock_request = Mock() mock_request.user = util_helper.generate_test_user() context = {'request': mock_request} failed_actions = ['foo', 'bar'] with patch.object(aws, 'verify_account_access') as mock_verify, \ patch.object(aws.sts, 'boto3') as mock_boto3: mock_assume_role = mock_boto3.client.return_value.assume_role mock_assume_role.return_value = role mock_verify.return_value = False, failed_actions serializer = AwsAccountSerializer(context=context) with self.assertRaises(serializers.ValidationError) as cm: serializer.create(validated_data) exception = cm.exception self.assertIn('account_arn', exception.detail) for index in range(len(failed_actions)): self.assertIn(failed_actions[index], exception.detail['account_arn'][index + 1])
def test_create_fails_when_assume_role_fails_unexpectedly(self): """Test that account is not saved if assume_role fails unexpectedly.""" aws_account_id = util_helper.generate_dummy_aws_account_id() arn = util_helper.generate_dummy_arn(aws_account_id) validated_data = { 'account_arn': arn, } mock_request = Mock() mock_request.user = util_helper.generate_test_user() context = {'request': mock_request} client_error = ClientError( error_response=MagicMock(), operation_name=Mock(), ) with patch.object(aws.sts, 'boto3') as mock_boto3: mock_assume_role = mock_boto3.client.return_value.assume_role mock_assume_role.side_effect = client_error serializer = AwsAccountSerializer(context=context) with self.assertRaises(ClientError) as cm: serializer.create(validated_data) raised_exception = cm.exception self.assertEqual(raised_exception, client_error)
def test_create_fails_when_arn_access_denied(self): """Test that an account is not saved if ARN access is denied.""" aws_account_id = util_helper.generate_dummy_aws_account_id() arn = util_helper.generate_dummy_arn(aws_account_id) validated_data = { 'account_arn': arn, } mock_request = Mock() mock_request.user = util_helper.generate_test_user() context = {'request': mock_request} client_error = ClientError( error_response={'Error': { 'Code': 'AccessDenied' }}, operation_name=Mock(), ) with patch.object(aws.sts, 'boto3') as mock_boto3: mock_assume_role = mock_boto3.client.return_value.assume_role mock_assume_role.side_effect = client_error serializer = AwsAccountSerializer(context=context) with self.assertRaises(ValidationError) as cm: serializer.create(validated_data) raised_exception = cm.exception self.assertIn('account_arn', raised_exception.detail) self.assertIn(arn, raised_exception.detail['account_arn'][0])
def test_create_fails_when_cloudtrail_fails(self): """Test that an account is not saved if cloudtrails errors.""" aws_account_id = util_helper.generate_dummy_aws_account_id() arn = util_helper.generate_dummy_arn(aws_account_id) role = util_helper.generate_dummy_role() validated_data = { 'account_arn': arn, } client_error = ClientError( error_response={'Error': { 'Code': 'AccessDeniedException' }}, operation_name=Mock(), ) mock_request = Mock() mock_request.user = util_helper.generate_test_user() context = {'request': mock_request} with patch.object(aws, 'verify_account_access') as mock_verify, \ patch.object(aws.sts, 'boto3') as mock_boto3, \ patch.object(aws, 'configure_cloudtrail') as mock_cloudtrail: mock_assume_role = mock_boto3.client.return_value.assume_role mock_assume_role.return_value = role mock_verify.return_value = True, [] mock_cloudtrail.side_effect = client_error serializer = AwsAccountSerializer(context=context) with self.assertRaises(ValidationError) as cm: serializer.create(validated_data) raised_exception = cm.exception self.assertIn('account_arn', raised_exception.detail) self.assertIn(arn, raised_exception.detail['account_arn'][0])
def test_openshift_no_tags(self, mock_aws, mock_check_image_state): """Test case where AMI has no tags.""" mock_session = mock_aws.boto3.Session.return_value ami_id = util_helper.generate_dummy_image_id() ami_region = random.choice(util_helper.SOME_AWS_REGIONS) mock_ami = util_helper.generate_mock_image(ami_id) mock_ami.tags = None mock_resource = mock_session.resource.return_value mock_resource.Image.return_value = mock_ami test_user = util_helper.generate_test_user() test_account = AwsAccount.objects.create( user=test_user, aws_account_id=util_helper.generate_dummy_aws_account_id, account_arn=util_helper.generate_dummy_arn) test_image = AwsMachineImage.objects.create(account=test_account, ec2_ami_id=ami_id) serializer = AwsAccountSerializer() openshift_tag = test_image.tags.filter(description='openshift').first() self.assertEqual(openshift_tag, None) serializer.add_openshift_tag(mock_session, ami_id, ami_region, test_image) openshift_tag = test_image.tags.filter(description='openshift').first() self.assertEqual(openshift_tag, None)
def test_openshift_tag_added(self, mock_aws, mock_check_image_state): """Test openshift tag added to MachineImage.""" mock_session = mock_aws.boto3.Session.return_value ami_id = util_helper.generate_dummy_image_id() ami_region = random.choice(util_helper.SOME_AWS_REGIONS) mock_ami = util_helper.generate_mock_image(ami_id) mock_ami.tags = [{ 'Key': 'cloudigrade-ocp-present', 'Value': 'cloudigrade-ocp-present' }] mock_resource = mock_session.resource.return_value mock_resource.Image.return_value = mock_ami test_user = util_helper.generate_test_user() test_account = AwsAccount.objects.create( user=test_user, aws_account_id=util_helper.generate_dummy_aws_account_id, account_arn=util_helper.generate_dummy_arn) test_image = AwsMachineImage.objects.create(account=test_account, ec2_ami_id=ami_id) serializer = AwsAccountSerializer() openshift_tag = test_image.tags.filter(description='openshift').first() self.assertEqual(openshift_tag, None) serializer.add_openshift_tag(mock_session, ami_id, ami_region, test_image) openshift_tag = test_image.tags.filter(description='openshift').first() self.assertNotEqual(openshift_tag, None)
def test_create_succeeds_when_account_verified(self): """Test saving and processing of a test ARN.""" aws_account_id = util_helper.generate_dummy_aws_account_id() arn = util_helper.generate_dummy_arn(aws_account_id) role = util_helper.generate_dummy_role() region = random.choice(util_helper.SOME_AWS_REGIONS) running_instances = { region: [ util_helper.generate_dummy_describe_instance( state=aws.InstanceState.running), util_helper.generate_dummy_describe_instance( state=aws.InstanceState.stopping) ] } validated_data = { 'account_arn': arn, } mock_request = Mock() mock_request.user = util_helper.generate_test_user() context = {'request': mock_request} with patch.object(aws, 'verify_account_access') as mock_verify, \ patch.object(aws.sts, 'boto3') as mock_boto3, \ patch.object(aws, 'get_running_instances') as mock_get_run, \ patch.object(account_serializers, 'copy_ami_snapshot') as mock_copy_snapshot: mock_assume_role = mock_boto3.client.return_value.assume_role mock_assume_role.return_value = role mock_verify.return_value = True, [] mock_get_run.return_value = running_instances mock_copy_snapshot.return_value = None serializer = AwsAccountSerializer(context=context) result = serializer.create(validated_data) self.assertIsInstance(result, AwsAccount) account = AwsAccount.objects.get(aws_account_id=aws_account_id) self.assertEqual(aws_account_id, account.aws_account_id) self.assertEqual(arn, account.account_arn) instances = AwsInstance.objects.filter(account=account).all() self.assertEqual(len(running_instances[region]), len(instances)) for region, mock_instances_list in running_instances.items(): for mock_instance in mock_instances_list: instance_id = mock_instance['InstanceId'] instance = AwsInstance.objects.get(ec2_instance_id=instance_id) self.assertIsInstance(instance, AwsInstance) self.assertEqual(region, instance.region) event = InstanceEvent.objects.get(instance=instance) self.assertIsInstance(event, InstanceEvent) self.assertEqual(InstanceEvent.TYPE.power_on, event.event_type) amis = AwsMachineImage.objects.filter(account=account).all() self.assertEqual(len(running_instances[region]), len(amis))
def test_create_succeeds_when_account_verified(self): """Test saving and processing of a test ARN.""" aws_account_id = util_helper.generate_dummy_aws_account_id() arn = util_helper.generate_dummy_arn(aws_account_id) role = util_helper.generate_dummy_role() region = f'region-{uuid.uuid4()}' running_instances = { region: [ util_helper.generate_dummy_describe_instance( state=aws.InstanceState.running), util_helper.generate_dummy_describe_instance( state=aws.InstanceState.stopping) ] } validated_data = { 'account_arn': arn, } with patch.object(aws, 'verify_account_access') as mock_verify, \ patch.object(aws, 'boto3') as mock_boto3, \ patch.object(aws, 'get_running_instances') as mock_get_running: mock_assume_role = mock_boto3.client.return_value.assume_role mock_assume_role.return_value = role mock_verify.return_value = True mock_get_running.return_value = running_instances serializer = AwsAccountSerializer() result = serializer.create(validated_data) self.assertIsInstance(result, AwsAccount) account = AwsAccount.objects.get(aws_account_id=aws_account_id) self.assertEqual(aws_account_id, account.aws_account_id) self.assertEqual(arn, account.account_arn) instances = AwsInstance.objects.filter(account=account).all() self.assertEqual(len(running_instances[region]), len(instances)) for region, mock_instances_list in running_instances.items(): for mock_instance in mock_instances_list: instance_id = mock_instance['InstanceId'] instance = AwsInstance.objects.get(ec2_instance_id=instance_id) self.assertIsInstance(instance, AwsInstance) self.assertEqual(region, instance.region) event = InstanceEvent.objects.get(instance=instance) self.assertIsInstance(event, InstanceEvent) self.assertEqual(InstanceEvent.TYPE.power_on, event.event_type)
def test_create_fails_when_another_arn_has_same_aws_account_id(self): """Test that an account is not saved if ARN reuses an AWS account.""" user = util_helper.generate_test_user() aws_account_id = util_helper.generate_dummy_aws_account_id() arn = util_helper.generate_dummy_arn(aws_account_id) role = util_helper.generate_dummy_role() region = random.choice(util_helper.SOME_AWS_REGIONS) running_instances = { region: [ util_helper.generate_dummy_describe_instance( state=aws.InstanceState.running), util_helper.generate_dummy_describe_instance( state=aws.InstanceState.stopping) ] } validated_data = { 'account_arn': arn, } # Create one with the same AWS account ID but a different ARN. account_helper.generate_aws_account( aws_account_id=aws_account_id, user=user, ) mock_request = Mock() mock_request.user = util_helper.generate_test_user() context = {'request': mock_request} with patch.object(aws, 'verify_account_access') as mock_verify, \ patch.object(aws.sts, 'boto3') as mock_boto3, \ patch.object(aws, 'get_running_instances') as mock_get_run: mock_assume_role = mock_boto3.client.return_value.assume_role mock_assume_role.return_value = role mock_verify.return_value = True, [] mock_get_run.return_value = running_instances serializer = AwsAccountSerializer(context=context) with self.assertRaises(ValidationError) as cm: serializer.create(validated_data) raised_exception = cm.exception self.assertIn('account_arn', raised_exception.detail) self.assertIn(aws_account_id, raised_exception.detail['account_arn'][0])
def test_create_fails_when_account_not_verified(self): """Test that an account is not saved if verification fails.""" aws_account_id = util_helper.generate_dummy_aws_account_id() arn = util_helper.generate_dummy_arn(aws_account_id) role = util_helper.generate_dummy_role() validated_data = { 'account_arn': arn, } expected_detail = _( 'AwsAccount verification failed. ARN Info Not Stored') with patch.object(aws, 'verify_account_access') as mock_verify, \ patch.object(aws, 'boto3') as mock_boto3: mock_assume_role = mock_boto3.client.return_value.assume_role mock_assume_role.return_value = role mock_verify.return_value = False serializer = AwsAccountSerializer() with self.assertRaises(serializers.ValidationError) as cm: serializer.create(validated_data) the_exception = cm.exception self.assertEqual(the_exception.detail, [expected_detail])