def test_post_instances_failure_missing_parameters_non_superuser(
permission_table, permission_table_name, state_table_empty,
state_table_name, account_id):
provision_sfn_arn = "fake_provision_sfn_arn"
os.environ["dynamodb_permissions_table_name"] = permission_table_name
os.environ["dynamodb_state_table_name"] = state_table_name
os.environ["provision_sfn_arn"] = provision_sfn_arn
event = {
"requestContext": {
"authorizer": {
"jwt": {
"claims": {
"email": "*****@*****.**",
"profile": "private",
"nickname": "charlie",
"custom:is_superuser": "******",
}
}
}
},
"body": "{}",
}
response = post_instances(event, context=None)
assert response["statusCode"] == 400
message = json.loads(response["body"])["message"]
assert "instanceName" in message
assert "region" in message
assert "operatingSystem" in message
assert "expiry" in message
assert "instanceType" in message
def test_post_instances_failure_exceed_instance_limit(permission_table,
permission_table_name,
state_table_empty,
state_table_name,
account_id):
provision_sfn_arn = "fake_provision_sfn_arn"
os.environ["dynamodb_permissions_table_name"] = permission_table_name
os.environ["dynamodb_state_table_name"] = state_table_name
os.environ["provision_sfn_arn"] = provision_sfn_arn
event = {
"requestContext": {
"authorizer": {
"jwt": {
"claims": {
"email": "*****@*****.**",
"profile": "private",
"nickname": "alice",
"custom:is_superuser": "******",
}
}
}
},
"body":
json.dumps({
"instanceName":
"The Best Instance",
"instanceType":
"t3.micro",
"region":
"eu-west-1",
"operatingSystem":
"AWS Linux 2",
"expiry":
(datetime.now(tz=timezone.utc) + timedelta(days=1)).isoformat(),
}),
}
# Add instances to state data to mimic user exceeding their instance allowance
for i in range(10):
add_stackset_to_state(
dynamodb_client=state_table_empty,
table_name=state_table_name,
stackset_id=f"fake_stackset_id_{i}",
username="******",
email="*****@*****.**",
)
response = post_instances(event, context=None)
assert response["statusCode"] == 400
assert "limit exceeded" in response["body"]
def test_post_instances_success_superuser_on_behalf_of_other_user(
mock_provision_stackset, permission_table, permission_table_name,
state_table_empty, state_table_name, account_id):
provision_sfn_arn = "fake_provision_sfn_arn"
os.environ["dynamodb_permissions_table_name"] = permission_table_name
os.environ["dynamodb_state_table_name"] = state_table_name
os.environ["provision_sfn_arn"] = provision_sfn_arn
requester_email = "*****@*****.**"
requester_username = "******"
instance_email = "*****@*****.**"
instance_username = "******"
event = {
"requestContext": {
"authorizer": {
"jwt": {
"claims": {
"email": requester_email,
"profile": "private",
"nickname": requester_username,
"custom:is_superuser": "******",
}
}
}
},
"body":
json.dumps({
"instanceName":
"The Best Instance",
"instanceType":
"t3.micro",
"region":
"eu-west-1",
"operatingSystem":
"AWS Linux 2",
"expiry":
(datetime.now(tz=timezone.utc) + timedelta(days=1)).isoformat(),
"email":
instance_email,
"username":
instance_username,
}),
}
response = post_instances(event, context=None)
assert "sfn_execution_arn" in response
assert response["email"] == instance_email
assert response["username"] == instance_username
mock_provision_stackset.assert_called_once()
def test_post_instances_failure_invalid_parameters(permission_table,
permission_table_name,
state_table_empty,
state_table_name,
account_id):
provision_sfn_arn = "fake_provision_sfn_arn"
os.environ["dynamodb_permissions_table_name"] = permission_table_name
os.environ["dynamodb_state_table_name"] = state_table_name
os.environ["provision_sfn_arn"] = provision_sfn_arn
event = {
"requestContext": {
"authorizer": {
"jwt": {
"claims": {
"email": "*****@*****.**",
"profile": "private",
"nickname": "charlie",
"custom:is_superuser": "******",
}
}
}
},
"body":
json.dumps({
"instanceName":
"invalid",
"instanceType":
"invalid",
"region":
"invalid",
"operatingSystem":
"invalid",
"expiry":
(datetime.now(tz=timezone.utc) + timedelta(days=24)).isoformat(),
}),
}
response = post_instances(event, context=None)
assert response["statusCode"] == 400
message = json.loads(response["body"])["message"]
assert "region" in message
assert "operatingSystem" in message
assert "expiry" in message
assert "instanceType" in message