예제 #1
    def __assert_call_with_tag(self, mock_print, mock_aws_class,
                               tag="ip-liberator"):
        """Run ``main`` on a one-group profile and verify the resulting calls.

        The services index is built with ``tag``; ``--tag`` is passed on the
        command line only when ``tag`` differs from the default
        ``"ip-liberator"``. ``mock_print`` and ``mock_aws_class`` are the mock
        objects handed to the calling test (presumably patches of ``print``
        and of the AWS wrapper class -- confirm against the decorators).
        """
        default_tag = "ip-liberator"
        security_group = "sg-1"

        # given: settings for a single security group and the rule that
        # make_rules derives from them
        settings = make_settings(security_groups=[security_group])
        services_index = make_services_index(settings, tag)
        expected_rule = next(make_rules(services_index, settings['config']))

        # given: the profile written as JSON to the descriptor held by the
        # test case (self.fd / self.filename are set up outside this method)
        with os.fdopen(self.fd, mode='w') as profile_file:
            json.dump(settings, profile_file)

        # given: command line; the default tag is left implicit
        cli_args = ["--profile", self.filename]
        if tag != default_tag:
            cli_args.extend(["--tag", tag])

        # when
        main(args=cli_args)

        # then: the operator is told which rules go to which IP and group
        expected_output = [
            mock.call("Authorizing rules", name_port_list(services_index),
                      "to IP", IP),
            mock.call('-', security_group),
        ]
        mock_print.assert_has_calls(expected_output)

        # then: one AWS client was built (credentials are not pinned here) and
        # exactly one describe and one authorize call were issued
        mock_aws_class.assert_called_once_with(ANY, ANY, ANY)
        liberator = mock_aws_class.return_value
        liberator.describe_rules.assert_called_once_with(
            services_index, settings['config'])
        liberator.authorize_rule.assert_called_once_with(expected_rule)
예제 #2
    def test_main(self, mock_print, mock_aws_class):
        """``main --no-tag`` passes the profile credentials on and authorizes one rule."""
        # given: made-up credential strings -- they are only handed to
        # make_settings and compared against the mocked constructor call, so
        # they must never be replaced with real keys
        key_id = "LT7F9TDQ"
        key_secret = "SAERB0DITUERDQTYYX8Q"
        region = "sa-west-1"
        operator_name = "Fighter"
        http_service = {"name": "HTTP", "port": "80"}
        groups = ["sg-1"]

        # given: settings built from those values and the rule expected for them
        settings = make_settings(key_id, key_secret, region, operator_name,
                                 [http_service], groups)
        services_index = make_services_index(settings)
        expected_rule = next(make_rules(services_index, settings['config']))

        # given: the profile serialized to the file behind self.fd
        with os.fdopen(self.fd, mode='w') as profile_file:
            json.dump(settings, profile_file)

        # when
        cli_args = ["--no-tag", "--profile", self.filename]
        main(args=cli_args)

        # then: progress output names the rules, the IP and the group
        expected_output = [
            mock.call("Authorizing rules", name_port_list(services_index),
                      "to IP", IP),
            mock.call('-', groups[0]),
        ]
        mock_print.assert_has_calls(expected_output)

        # then: the AWS class received exactly the profile's credentials and
        # region, and one describe plus one authorize call followed
        mock_aws_class.assert_called_once_with(key_id, key_secret, region)
        liberator = mock_aws_class.return_value
        liberator.describe_rules.assert_called_once_with(
            services_index, settings['config'])
        liberator.authorize_rule.assert_called_once_with(expected_rule)
예제 #3
def test_make_rules__no_port_range(mock_ip):
    """A service whose port is empty or whitespace-only must be rejected.

    ``make_rules`` is called outside the ``pytest.raises`` block, so the
    ``ValueError`` is expected only when the returned iterator is advanced.
    """
    mock_ip.return_value = '10.0.0.1/32'
    expected_message = "No port range informed in service: SVC"

    # Empty string, a single space, and mixed tab/newline/space.
    for blank_port in ("", " ", "\t\n "):
        pending_rules = make_rules(
            config={"security_groups": ["sg-1"]},
            services={"SVC": {"port": blank_port}},
        )

        with pytest.raises(ValueError, match=expected_message):
            next(pending_rules)
예제 #4
def test_make_rules(mock_ip):
    """Two single-port services yield one rule for the configured group.

    The expected rule carries one TCP permission per service, each limited to
    the CIDR returned by ``mock_ip`` and described by the service's index key.
    """
    source_cidr = '10.0.0.1/32'
    mock_ip.return_value = source_cidr

    def tcp_permission(port, description):
        # One ingress permission: a single TCP port open to a single CIDR.
        return {
            'FromPort': port,
            'ToPort': port,
            'IpProtocol': 'tcp',
            'IpRanges': [{'CidrIp': source_cidr, 'Description': description}],
        }

    services = {
        "John SFTP": {"name": "SFTP", "port": "22"},
        "John HTTP": {"name": "HTTP", "port": "80"},
    }
    rules = make_rules(config={"security_groups": ["sg-1"]},
                       services=services)

    expected = {
        'GroupId': 'sg-1',
        'IpPermissions': [
            tcp_permission(22, 'John SFTP'),
            tcp_permission(80, 'John HTTP'),
        ],
    }

    # The result is lazy: an iterator holding exactly one rule.
    assert isinstance(rules, typing.Iterator)
    assert next(rules) == expected
    with pytest.raises(StopIteration):
        next(rules)
예제 #5
def test_make_rules__invalid_port_range(mock_ip):
    """Malformed port ranges must raise ``ValueError`` naming the bad input.

    NOTE(review): only syntactically malformed values are exercised here.
    Numeric bounds (0, values above 65535) and reversed ranges such as
    "200-100" are not covered -- confirm make_rules rejects them before a
    rule reaches the security group.
    """
    mock_ip.return_value = '10.0.0.1/32'

    malformed_ports = (
        "1-2-3",   # too many bounds
        "100-",    # missing upper bound
        "-100",    # missing lower bound
        "abc",     # not numeric
        "1 2 3",   # space-separated instead of a range
    )

    for bad_port in malformed_ports:
        pending_rules = make_rules(
            config={"security_groups": ["sg-1"]},
            services={"SVC": {"port": bad_port}},
        )

        # `match` is applied as a regular expression; the inputs above hold
        # no characters that change its meaning.
        expected_message = "Invalid port range: '%s'" % bad_port
        with pytest.raises(ValueError, match=expected_message):
            next(pending_rules)
예제 #6
    def test_main__ip_informed_at_service(self, mock_print, mock_aws_class):
        """A service carrying its own ``ip`` is announced with that address.

        The HTTP service has no ``ip`` and is expected to be reported with the
        module-level ``IP``; the SFTP service is expected to be reported with
        the address given in its own entry.
        """
        # given: two services, only the second one pins an address
        security_group = "sg-1"
        pinned_ip = "1.2.3.4/32"
        operator_name = "Peter"
        http_service = {"name": "HTTP", "port": "80"}
        sftp_service = {"name": "SFTP", "port": "22", "ip": pinned_ip}
        services = [http_service, sftp_service]

        # given: settings, index and the rule expected from them
        settings = make_settings(operator=operator_name,
                                 services=services,
                                 security_groups=[security_group])
        services_index = make_services_index(settings)
        expected_rule = next(make_rules(services_index, settings['config']))

        # given: rule descriptions in the form "<operator> <service name>"
        descriptions = []
        for service in services:
            descriptions.append("%s %s" % (operator_name, service["name"]))

        # given: the profile serialized to the file behind self.fd
        with os.fdopen(self.fd, mode='w') as profile_file:
            json.dump(settings, profile_file)

        # when
        main(args=["--no-tag", "--profile", self.filename])

        # then: one line per service, each with the address it is opened to
        http_line = "Authorizing rule '%s' to IP %s" % (descriptions[0], IP)
        sftp_line = "Authorizing rule '%s' to IP %s" % (descriptions[1],
                                                        pinned_ip)
        mock_print.assert_has_calls([
            mock.call(http_line),
            mock.call(sftp_line),
            mock.call('-', security_group),
        ])

        # then: exactly one describe and one authorize call reached the client
        liberator = mock_aws_class.return_value
        liberator.describe_rules.assert_called_once_with(
            services_index, settings['config'])
        liberator.authorize_rule.assert_called_once_with(expected_rule)