def execute_confirm_awscoop(task_id): pm_logger = common_utils.begin_logger(task_id, __name__, inspect.currentframe()) coop_id = organizationTask_logic.check_process_status(task_id) if coop_id is None: pm_logger.error("組織タスク情報取得に失敗しました。: TaskID=%s", task_id) raise PmError() try: awscoop = pm_awsAccountCoops.query_awscoop_coop_key(task_id, coop_id) except PmError as e: pm_logger.error("AWSアカウント連携情報取得に失敗しました。: CoopID=%s", coop_id) raise common_utils.write_log_pm_error(e, pm_logger, exc_info=True) if (not awscoop): pm_logger.warning("AWSアカウント連携情報がありません。: CoopID=%s", coop_id) raise PmError() try: aws_common.create_session_client(task_id, awscoop['AWSAccount'], awscoop['RoleName'], awscoop['ExternalID']) pm_logger.info("クレデンシャルが正常に取得されました。: CoopID=%s", coop_id) except PmError as err: pm_logger.error("クレデンシャル取得に失敗しました。: CoopID=%s", coop_id) try: attribute = {'Effective': {"Value": Effective.Disable.value}} pm_awsAccountCoops.update_awscoops(task_id, coop_id, attribute) except PmError as e: pm_logger.error("AWSアカウント連携情報の更新に失敗しました。: CoopID=%s", coop_id) raise common_utils.write_log_pm_error(err, pm_logger, exc_info=True)
def test_get_check_awsaccounts_case_error_create_record_pm_check_results( self): # patch mock patch_query_key_pm_check_history = patch( "premembers.repository.pm_checkHistory.query_key") patch_query_key_pm_organizations = patch( "premembers.repository.pm_organizations.get_organization") patch_query_key_pm_project = patch( "premembers.repository.pm_projects.query_key") patch_query_key_pm_aws_account_coops = patch( "premembers.repository.pm_awsAccountCoops.query_awscoop_effective_enable" ) patch_update_pm_check_history = patch( "premembers.repository.pm_checkHistory.update") patch_create_pm_check_results = patch( "premembers.repository.pm_checkResults.create") patch_logger_error = patch.object(CwLogAdapter, "error") # start mock object mock_query_key_pm_check_history = patch_query_key_pm_check_history.start( ) mock_query_key_pm_organizations = patch_query_key_pm_organizations.start( ) mock_query_key_pm_project = patch_query_key_pm_project.start() mock_query_key_pm_aws_account_coops = patch_query_key_pm_aws_account_coops.start( ) mock_update_pm_check_history = patch_update_pm_check_history.start() mock_create_pm_check_results = patch_create_pm_check_results.start() mock_logger_error = patch_logger_error.start() # mock data mock_query_key_pm_check_history.return_value = data_pm_check_history mock_query_key_pm_organizations.return_value = data_pm_organizations mock_query_key_pm_project.return_value = data_pm_project mock_query_key_pm_aws_account_coops.return_value = data_aws_account_coops mock_update_pm_check_history.return_value = None mock_create_pm_check_results.side_effect = PmError() # addCleanup stop mock object self.addCleanup(patch_query_key_pm_check_history.stop) self.addCleanup(patch_query_key_pm_organizations.stop) self.addCleanup(patch_query_key_pm_project.stop) self.addCleanup(patch_query_key_pm_aws_account_coops.stop) self.addCleanup(patch_update_pm_check_history.stop) self.addCleanup(patch_create_pm_check_results.stop) self.addCleanup(patch_logger_error.stop) with self.assertRaises(PmError) as exception: # call function test awssecuritychecks_logic.get_check_awsaccounts( trace_id, check_history_id) # check error actual_message = exception.exception.message self.assertEquals("GCA_SECURITY-008", actual_message) # check log message error mock_logger_error.assert_called_once_with( "チェック結果レコードの作成に失敗しました。: CheckHistoryID=%s, AWSAccount=%s", check_history_id, aws_account)
def test_execute_security_check_from_external_case_error_get_pm_securityCheckWebhook(self): # patch mock patch_query_webhook_index = patch( "premembers.repository.pm_securityCheckWebhook.query_webhook_index" ) # start mock object mock_query_webhook_index = patch_query_webhook_index.start() mock_error_exception = mock_common_utils.mock_error_exception(self) # mock object mock_query_webhook_index.side_effect = PmError() # addCleanup stop mock object self.addCleanup(patch_query_webhook_index.stop) # call function test actual_response = awschecks_logic.execute_security_check_from_external( trace_id, webhook_path) # assert output function # check call function common write log error mock_error_exception.assert_called_once() # assert output function actual_response_body = json.loads(actual_response["body"]) err_402 = MsgConst.ERR_402 self.assertEqual(err_402["code"], actual_response_body["code"]) self.assertEqual(err_402["message"], actual_response_body["message"]) self.assertEqual(err_402["description"], actual_response_body["description"]) self.assertEqual(HTTPStatus.INTERNAL_SERVER_ERROR.value, actual_response["statusCode"])
def test_delete_excluded_resources_case_error_get_record_pm_aws_account_coops( self): # mock object patch_query_awscoop_coop_key = patch( "premembers.repository.pm_awsAccountCoops.query_awscoop_coop_key") # start mock object mock_query_awscoop_coop_key = patch_query_awscoop_coop_key.start() mock_error_exception = mock_common_utils.mock_error_exception(self) # mock data mock_query_awscoop_coop_key.side_effect = PmError() # addCleanup stop mock object self.addCleanup(patch_query_awscoop_coop_key.stop) # call Function test actual_response = checkitemsettings_logic.delete_excluded_resources( trace_id, organization_id, project_id, check_item_code, coop_id, region_name, resource_type, resource_name) # assert output function # check call function common write log error mock_error_exception.assert_called_once() # assert output function actual_response_body = json.loads(actual_response["body"]) err_402 = MsgConst.ERR_402 self.assertEqual(err_402["code"], actual_response_body["code"]) self.assertEqual(err_402["message"], actual_response_body["message"]) self.assertEqual(err_402["description"], actual_response_body["description"]) self.assertEqual(HTTPStatus.INTERNAL_SERVER_ERROR.value, actual_response["statusCode"])
def get_bucket_encryption(trace_id, s3_client, bucket, aws_account, region_name, is_cw_logger=False): if (is_cw_logger): logger = common_utils.begin_cw_logger(trace_id, __name__, inspect.currentframe()) else: logger = common_utils.begin_logger(trace_id, __name__, inspect.currentframe()) bucket_encryption = [] try: result = s3_client.get_bucket_encryption(Bucket=bucket) except ClientError as e: if e.response["Error"]["Code"] == CommonConst.SERVER_SIDE_ENCRYPTION_CONFIGURATION_NOT_FOUND_ERROR: logger.info("[%s]S3バケット暗号化情報がありません。(%s/%s)", aws_account, region_name, bucket) raise PmError(cause_error=e) elif e.response['Error']['Code'] in CommonConst.S3_SKIP_EXCEPTION: logger.warning("[%s] 権限エラーによりS3バケットリージョン情報の取得に失敗しました。(%s/%s)", aws_account, region_name, bucket) raise common_utils.write_log_warning(e, logger) else: logger.error("[%s]S3バケット暗号化情報の取得に失敗しました。(%s/%s)", aws_account, region_name, bucket) raise common_utils.write_log_exception(e, logger) if common_utils.check_key("ServerSideEncryptionConfiguration", result): if common_utils.check_key("Rules", result["ServerSideEncryptionConfiguration"]): bucket_encryption = result["ServerSideEncryptionConfiguration"]["Rules"] return bucket_encryption
def test_execute_security_check_with_executed_type_case_error_get_projects_by_organization_id(self): # patch mock patch_get_projects_by_organization_id = patch( "premembers.repository.pm_projects.get_projects_by_organization_id" ) # start mock object mock_get_projects_by_organization_id = patch_get_projects_by_organization_id.start() mock_error_exception = mock_common_utils.mock_error_exception(self) # mock object mock_get_projects_by_organization_id.side_effect = PmError() # addCleanup stop mock object self.addCleanup(patch_get_projects_by_organization_id.stop) # call function test actual_response = awschecks_logic.execute_security_check_with_executed_type( trace_id, organization_id, project_id, execute_user_id, email, "MANUAL") # assert output function # check call function common write log error mock_error_exception.assert_called_once() # assert output function actual_response_body = json.loads(actual_response["body"]) err_402 = MsgConst.ERR_402 self.assertEqual(err_402["code"], actual_response_body["code"]) self.assertEqual(err_402["message"], actual_response_body["message"]) self.assertEqual(err_402["description"], actual_response_body["description"]) self.assertEqual(HTTPStatus.INTERNAL_SERVER_ERROR.value, actual_response["statusCode"])
def test_update_user_error_update_record(self): # mock object query_key = patch('premembers.repository.pm_userAttribute.query_key') update_user = patch('premembers.repository.pm_userAttribute.update') mock_error_exception = mock_common_utils.mock_error_exception(self) # start mock object mock_query_key = query_key.start() mock_update_user = update_user.start() # mock data mock_query_key.return_value = True mock_update_user.side_effect = PmError() # addCleanup stop mock object self.addCleanup(query_key.stop) self.addCleanup(update_user.stop) # call Function test param_body = json.dumps(data_body) response = user_logic.update_user_attributes(user_id, param_body) # assert output function # check call function common write log error mock_error_exception.assert_called_once() # assert function response_body = json.loads(response['body']) err_404 = MsgConst.ERR_DB_404 self.assertEqual(response_body['code'], err_404['code']) self.assertEqual(response_body['message'], err_404['message']) self.assertEqual(response_body['description'], err_404['description']) self.assertEqual(response['statusCode'], HTTPStatus.INTERNAL_SERVER_ERROR.value)
def test_send_checkerror_email_case_error_get_project(self): # patch mock patch_get_organization = patch( "premembers.repository.pm_organizations.get_organization") patch_get_project = patch( "premembers.repository.pm_projects.query_key") # start mock object mock_get_organization = patch_get_organization.start() mock_get_project = patch_get_project.start() # mock data mock_get_organization.side_effect = None mock_get_project.side_effect = PmError() # addCleanup stop mock object self.addCleanup(patch_get_organization.stop) self.addCleanup(patch_get_project.stop) # call function test with patch.object(PmLogAdapter, 'error', return_value=None) as mock_method_error: with self.assertRaises(PmError): awschecksBatch_logic.send_checkerror_email( trace_id, aws_account, check_history_id, organization_id, project_id, error_code, execute_user_id, region_name, check_code_item, data_body) # check write log error mock_method_error.assert_any_call( "プロジェクト情報の取得に失敗しました。ProjectID={0}".format(project_id))
def send_email(trace_id, region_name, sender, bcc, subject, body): pm_logger = common_utils.begin_logger(trace_id, __name__, inspect.currentframe()) try: client = boto3.client( service_name='ses', region_name=region_name) except ClientError as e: pm_logger.error("[%s] SESクライアント作成に失敗しました。", region_name) raise common_utils.write_log_exception(e, pm_logger) try: response = client.send_email( Source=sender, Destination={ 'BccAddresses': bcc }, Message={ 'Subject': { 'Data': subject, 'Charset': 'UTF-8' }, 'Body': { 'Text': { 'Data': body, 'Charset': 'UTF-8' } } } ) if response['ResponseMetadata']['HTTPStatusCode'] != 200: raise PmError() except ClientError as e: raise common_utils.write_log_exception(e, pm_logger)
def test_apply_change_email_handler_error_create_record(self): # mock object patch_create = patch('premembers.repository.pm_emailChangeApply.create') patch_get_cognito_user_pools = patch('premembers.common.aws_common.get_cognito_user_pools') # start mock object mock_create = patch_create.start() mock_get_cognito_user_pools = patch_get_cognito_user_pools.start() # mock data mock_create.side_effect = PmError() mock_get_cognito_user_pools.return_value = [] # addCleanup stop mock object self.addCleanup(patch_create.stop) self.addCleanup(patch_get_cognito_user_pools.stop) # Call function test body = { "mailAddress": mail_after, "callerServiceName": "opswitch", "mailLang": language_mail_test } event_mock = event_create.get_event_object( trace_id=trace_id, email=mail_before, body=json.dumps(body)) result = user.apply_change_email_handler(event_mock, {}) # Check data response_body = json.loads(result['body']) err_403 = MsgConst.ERR_DB_403 self.assertEqual(err_403['code'], response_body['code']) self.assertEqual(err_403['message'], response_body['message']) self.assertEqual(err_403['description'], response_body['description']) self.assertEqual(result['statusCode'], HTTPStatus.INTERNAL_SERVER_ERROR.value)
def test_get_user_error_query_record(self): user_id = DataCommon.USER_ID_TEST.format(str(3)) # mock object query_key = patch('premembers.repository.pm_userAttribute.query_key') # start mock object mock_query_key = query_key.start() mock_error_exception = mock_common_utils.mock_error_exception(self) # mock data mock_query_key.side_effect = PmError() # addCleanup stop mock object self.addCleanup(query_key.stop) # call Function test response = user_logic.get_user_attributes(user_id) # assert output function # check call function common write log error mock_error_exception.assert_called_once() # assert function response_body = json.loads(response['body']) err_402 = MsgConst.ERR_402 self.assertEqual(response_body['code'], err_402['code']) self.assertEqual(response_body['message'], err_402['message']) self.assertEqual(response_body['description'], err_402['description']) self.assertEqual(response['statusCode'], HTTPStatus.INTERNAL_SERVER_ERROR.value)
def test_execute_send_checkerror_email_case_error_send_checkerror_email( self): # patch mock patch_publish_error_message_send_checkerror_email = patch( "premembers.check.logic.awschecksBatch_logic.publish_error_message_send_checkerror_email" ) patch_send_checkerror_email = patch( "premembers.check.logic.awschecksBatch_logic.send_checkerror_email" ) # start mock object mock_publish_error_message_send_checkerror_email = patch_publish_error_message_send_checkerror_email.start( ) mock_send_checkerror_email = patch_send_checkerror_email.start() # mock data mock_publish_error_message_send_checkerror_email.side_effect = None mock_send_checkerror_email.side_effect = PmError() # addCleanup stop mock object self.addCleanup(patch_publish_error_message_send_checkerror_email.stop) self.addCleanup(patch_send_checkerror_email.stop) # call function test awschecksBatch_logic.execute_send_checkerror_email( trace_id, context_aws.aws_request_id, aws_account, check_history_id, organization_id, project_id, error_code, execute_user_id, region_name, check_code_item, data_body) # check param call function mock_publish_error_message_send_checkerror_email.assert_any_call( trace_id, check_history_id, organization_id, project_id, context_aws.aws_request_id, 'None')
def side_effect_read_yaml_error_get_message_notice_error_execute_check_security( trace_id, bucket, s3_file_name): if s3_file_name == copy.deepcopy(DataTestS3.PATH_FILE_CONFIG): return copy.deepcopy(DataTestS3.DATA_CONFIG) elif s3_file_name == copy.deepcopy( DataTestS3.PATH_FILE_MESSAGE_NOTICE_ERROR_EXECUTE_CHECK_SECURITY_JA ): raise PmError()
def test_execute_security_check_with_executed_type_case_error_get_pm_check_history(self): # patch mock patch_get_projects_by_organization_id = patch( "premembers.repository.pm_projects.get_projects_by_organization_id" ) patch_create_pm_check_history = patch( "premembers.repository.pm_checkHistory.create") patch_aws_sns = patch("premembers.common.aws_common.aws_sns") patch_query_key_pm_check_history = patch("premembers.repository.pm_checkHistory.query_key") patch_get_uuid4 = patch("premembers.common.common_utils.get_uuid4") # start mock object mock_query_key_pm_check_history = patch_query_key_pm_check_history.start() mock_get_projects_by_organization_id = patch_get_projects_by_organization_id.start() mock_create_pm_check_history = patch_create_pm_check_history.start() mock_aws_sns = patch_aws_sns.start() mock_get_uuid4 = patch_get_uuid4.start() mock_error_exception = mock_common_utils.mock_error_exception(self) # mock object mock_query_key_pm_check_history.side_effect = PmError() mock_get_projects_by_organization_id.return_value = data_pm_project mock_create_pm_check_history.side_effect = None mock_aws_sns.side_effect = None mock_get_uuid4.return_value = check_history_id # addCleanup stop mock object self.addCleanup(patch_get_projects_by_organization_id.stop) self.addCleanup(patch_create_pm_check_history.stop) self.addCleanup(patch_aws_sns.stop) self.addCleanup(patch_get_uuid4.stop) # call function test actual_response = awschecks_logic.execute_security_check_with_executed_type( trace_id, organization_id, project_id, execute_user_id, email, "MANUAL") # assert output function # check call function common write log error mock_error_exception.assert_called_once() # assert call aws_sns topic_arn = common_utils.get_environ( CommonConst.SECURITYCHECK_EXECUTE_TOPIC) subject = "USER : {0}".format(execute_user_id) message = {'CheckHistoryId': check_history_id} mock_aws_sns.assert_called_once_with(trace_id, subject, json.dumps(message), topic_arn) # assert output function actual_response_body = json.loads(actual_response["body"]) err_402 = MsgConst.ERR_402 self.assertEqual(err_402["code"], actual_response_body["code"]) self.assertEqual(err_402["message"], actual_response_body["message"]) self.assertEqual(err_402["description"], actual_response_body["description"]) self.assertEqual(HTTPStatus.INTERNAL_SERVER_ERROR.value, actual_response["statusCode"])
def test_get_check_awsaccounts_case_error_get_record_pm_project(self): # create data mock cw_logger = common_utils.begin_cw_logger(trace_id, __name__, inspect.currentframe()) pm_error = PmError() # patch mock patch_begin_cw_logger = patch( "premembers.common.common_utils.begin_cw_logger") patch_query_key_pm_check_history = patch( "premembers.repository.pm_checkHistory.query_key") patch_query_key_pm_organizations = patch( "premembers.repository.pm_organizations.get_organization") patch_query_key_pm_project = patch( "premembers.repository.pm_projects.query_key") patch_logger_error = patch.object(CwLogAdapter, "error") patch_write_log_pm_error = patch( "premembers.common.common_utils.write_log_pm_error") # start mock object mock_begin_cw_logger = patch_begin_cw_logger.start() mock_query_key_pm_check_history = patch_query_key_pm_check_history.start( ) mock_query_key_pm_organizations = patch_query_key_pm_organizations.start( ) mock_query_key_pm_project = patch_query_key_pm_project.start() mock_logger_error = patch_logger_error.start() mock_write_log_pm_error = patch_write_log_pm_error.start() # mock data mock_begin_cw_logger.return_value = cw_logger mock_query_key_pm_check_history.return_value = data_pm_check_history mock_query_key_pm_organizations.return_value = data_pm_organizations mock_query_key_pm_project.side_effect = pm_error mock_write_log_pm_error.return_value = pm_error # addCleanup stop mock object self.addCleanup(patch_begin_cw_logger.stop) self.addCleanup(patch_query_key_pm_check_history.stop) self.addCleanup(patch_query_key_pm_organizations.stop) self.addCleanup(patch_query_key_pm_project.stop) self.addCleanup(patch_logger_error.stop) self.addCleanup(patch_write_log_pm_error.stop) with self.assertRaises(PmError): # call function test awssecuritychecks_logic.get_check_awsaccounts( trace_id, check_history_id) # check log message error mock_logger_error.assert_called_once_with( "プロジェクト情報の取得に失敗しました。: ProjectID=%s", project_id) # check call function write_log_pm_error mock_write_log_pm_error.assert_called_once_with( pm_error, cw_logger, "GCA_SECURITY-004")
def test_delete_project_case_error_delete_security_check_webhook(self): # create pm_securityCheckWebhook table mock_pm_securityCheckWebhook.create_table() # create pm_securityCheckWebhookCallHistory table mock_pm_securityCheckWebhookCallHistory.create_table() # create pm_reports table mock_pm_reports.create_table() # create data pm_security_check_webhooks for data_pm_security_check_webhooks in list_data_pm_security_check_webhooks: mock_pm_securityCheckWebhook.create( data_pm_security_check_webhooks) # create data pm_security_check_webhooks for data_pm_security_check_webhook_call_history in list_data_pm_security_check_webhook_call_historys: mock_pm_securityCheckWebhookCallHistory.create( data_pm_security_check_webhook_call_history) # create data pm_reports for data_pm_reports in list_data_pm_reports: mock_pm_reports.create(data_pm_reports) # mock object pm_error = PmError() patch_delete_security_check_webhook = patch( "premembers.repository.pm_securityCheckWebhook.delete") patch_error_method = patch.object(PmLogAdapter, 'error') # mock function error mock_delete_security_check_webhook = patch_delete_security_check_webhook.start() mock_error_method = patch_error_method.start() # mock data mock_delete_security_check_webhook.side_effect = pm_error mock_error_method.return_value = None # addCleanup stop mock object self.addCleanup(patch_delete_security_check_webhook.stop) self.addCleanup(patch_error_method.stop) # call Function test actual_response = projectsBatch_logic.delete_project( task_id, project_id) actual_record_pm_security_check_webhook_call_history = mock_pm_securityCheckWebhookCallHistory.query_all() # check call function error mock_error_method.assert_any_call( "チェック実行Webhook情報削除に失敗しました。: WebhookID=%s", security_check_web_hook_id) mock_error_method.assert_any_call(pm_error) # assert output function self.assertEqual(False, actual_response) self.assertEqual(1, len(actual_record_pm_security_check_webhook_call_history['Items']))
def test_execute_change_email_case_update_cognito_user_attributes_error_caller_service_name_is_opswitch( self): # perpare data test mock_pm_emailChangeApply.create( data_insert_caller_service_name_opswitch) # patch mock patch_read_yaml = patch('premembers.common.FileUtils.read_yaml') get_cognito_user_info_by_user_name_patch = patch( 'premembers.common.aws_common.get_cognito_user_info_by_user_name') update_cognito_user_attributes_patch = patch( 'premembers.common.aws_common.update_cognito_user_attributes') # start mock object mock_read_yaml = patch_read_yaml.start() mock_get_cognito_user_info_by_user_name = get_cognito_user_info_by_user_name_patch.start( ) mock_update_cognito_user_attributes = update_cognito_user_attributes_patch.start( ) # mock data mock_read_yaml.return_value = data_config mock_get_cognito_user_info_by_user_name.return_value = user_info mock_update_cognito_user_attributes.side_effect = PmError() # addCleanup stop mock object self.addCleanup(patch_read_yaml.stop) self.addCleanup(get_cognito_user_info_by_user_name_patch.stop) self.addCleanup(update_cognito_user_attributes_patch.stop) with patch.object(PmLogAdapter, 'error', return_value=None) as mock_method_error: # call function test result = user_logic.execute_change_email(apply_id) # Check data status_code = result['statusCode'] response_body = result['body'] response_headers = result['headers'] self.assertEqual(HTTPStatus.OK.value, status_code) self.assertEqual(response_error_page_caller_service_opswitch, response_body) self.assertEqual(content_type_text_html, response_headers['content-type']) # check param call function get_cognito_user_info_by_user_name mock_get_cognito_user_info_by_user_name.assert_called_once_with( apply_id, user_id) # check param call function update_cognito_user_attributes mock_update_cognito_user_attributes.assert_called_once_with( apply_id, user_id, user_attributes) # check write log error mock_method_error.assert_called_once_with("Cognitoの項目変更に失敗しました。")
def test_execute_delete_invalid_user_error_call_delete_affiliation(self): # mock object patch_get_cognito_user_pools = patch( 'premembers.common.aws_common.get_cognito_user_pools') patch_method_warning = patch.object(PmLogAdapter, "warning") patch_method_delete_cognito_user_by_user_name = patch( 'premembers.common.aws_common.delete_cognito_user_by_user_name') patch_method_query_userid_key = patch( 'premembers.repository.pm_affiliation.query_userid_key') patch_method_delete_affiliation = patch( 'premembers.repository.pm_affiliation.delete_affiliation') # start mock object mock_get_cognito_user_pools = patch_get_cognito_user_pools.start() mock_method_warning = patch_method_warning.start() mock_method_delete_cognito_user_by_user_name = patch_method_delete_cognito_user_by_user_name.start( ) mock_method_query_userid_key = patch_method_query_userid_key.start() mock_method_delete_affiliation = patch_method_delete_affiliation.start( ) expected_username_force_change_password = copy.deepcopy( DataTestCognitoIdp.LIST_DATA_USER_FORCE_CHANGE_PASSWORD[1] ['Username']) data_affiliation_user_force_change_password = copy.deepcopy( DataPmAffiliation.AFFILIATION_TEMPLATE) data_affiliation_user_force_change_password[ 'UserID'] = expected_username_force_change_password data_query_userid_key = [data_affiliation_user_force_change_password] # mock data mock_get_cognito_user_pools.side_effect = mock_get_cognito_user_pools_success mock_method_delete_cognito_user_by_user_name.side_effect = None mock_method_query_userid_key.return_value = data_query_userid_key mock_method_delete_affiliation.side_effect = PmError() # addCleanup stop mock object self.addCleanup(patch_get_cognito_user_pools.stop) self.addCleanup(patch_method_warning.stop) self.addCleanup(patch_method_delete_cognito_user_by_user_name.stop) self.addCleanup(patch_method_query_userid_key.stop) self.addCleanup(mock_method_delete_affiliation.stop) # call Function test with self.assertRaises(PmError): usersBatch_logic.execute_delete_invalid_user(trace_id) # check logic write log warning expected_organizationid = data_affiliation_user_force_change_password[ 'OrganizationID'] mock_method_warning.assert_any_call( "PM_Affiliationテーブルのレコード削除に失敗しました。UserID : %s / OrganizationID : %s", expected_username_force_change_password, expected_organizationid)
def test_check_effective_awsaccount_case_error_create_session_client(self): # create data mock cw_logger = common_utils.begin_cw_logger(trace_id, __name__, inspect.currentframe()) # patch mock patch_begin_cw_logger = patch( "premembers.common.common_utils.begin_cw_logger") patch_logger_warning = patch.object(CwLogAdapter, "warning") patch_do_disable_awscoop = patch( "premembers.check.logic.awssecuritychecks_logic.do_disable_awscoop" ) patch_create_session_client = patch( "premembers.common.aws_common.create_session_client") patch_query_awscoop_coop_key = patch( "premembers.repository.pm_awsAccountCoops.query_awscoop_coop_key") # start mock object mock_begin_cw_logger = patch_begin_cw_logger.start() mock_logger_warning = patch_logger_warning.start() mock_do_disable_awscoop = patch_do_disable_awscoop.start() mock_create_session_client = patch_create_session_client.start() mock_query_awscoop_coop_key = patch_query_awscoop_coop_key.start() # mock object mock_begin_cw_logger.return_value = cw_logger mock_do_disable_awscoop.side_effect = None mock_create_session_client.side_effect = PmError() mock_query_awscoop_coop_key.side_effect = None # addCleanup stop mock object self.addCleanup(patch_begin_cw_logger.stop) self.addCleanup(patch_logger_warning.stop) self.addCleanup(patch_do_disable_awscoop.stop) self.addCleanup(patch_create_session_client.stop) self.addCleanup(patch_query_awscoop_coop_key.stop) # call function test actual_response = awssecuritychecks_logic.check_effective_awsaccount( trace_id, aws_account, coop_id, role_name, external_id, organization_id, project_id, check_history_id) expect_response = {"TaskResult": "Fail"} # check result self.assertDictEqual(expect_response, actual_response) # check log message warning mock_logger_warning.assert_any_call("[%s] Credentialsを取得できませんでした。", aws_account) # check call function do_disable_awscoop mock_do_disable_awscoop.assert_called_once_with( trace_id, coop_id, aws_account)
def error_exception(error_code, status_code, error_pm, pm_logger, exc_info=False): if type(error_pm) is not PmError: error_pm = PmError(cause_error=error_pm) response = get_response_error(error_code, status_code, error_pm.error_id) if exc_info is True: pm_logger.error(error_pm) pm_logger.exception("error_id: %s", error_pm.error_id) pm_logger.error("end : response %s", response) return response
def test_execute_security_check_with_executed_type_case_error_publish_message(self): # patch mock patch_get_projects_by_organization_id = patch( "premembers.repository.pm_projects.get_projects_by_organization_id" ) patch_create_pm_check_history = patch( "premembers.repository.pm_checkHistory.create") patch_aws_sns = patch("premembers.common.aws_common.aws_sns") patch_query_key_pm_check_history = patch("premembers.repository.pm_checkHistory.query_key") patch_get_uuid4 = patch("premembers.common.common_utils.get_uuid4") # start mock object mock_query_key_pm_check_history = patch_query_key_pm_check_history.start() mock_get_projects_by_organization_id = patch_get_projects_by_organization_id.start() mock_create_pm_check_history = patch_create_pm_check_history.start() mock_aws_sns = patch_aws_sns.start() mock_get_uuid4 = patch_get_uuid4.start() # mock object mock_query_key_pm_check_history.return_value = data_pm_check_history mock_get_projects_by_organization_id.return_value = data_pm_project mock_create_pm_check_history.side_effect = None mock_aws_sns.side_effect = PmError() mock_get_uuid4.return_value = check_history_id # addCleanup stop mock object self.addCleanup(patch_get_projects_by_organization_id.stop) self.addCleanup(patch_create_pm_check_history.stop) self.addCleanup(patch_aws_sns.stop) self.addCleanup(patch_get_uuid4.stop) # call function test actual_response = awschecks_logic.execute_security_check_with_executed_type( trace_id, organization_id, project_id, execute_user_id, email, "MANUAL") # assert call aws_sns topic_arn = common_utils.get_environ( CommonConst.SECURITYCHECK_EXECUTE_TOPIC) subject = "USER : {0}".format(execute_user_id) message = {'CheckHistoryId': check_history_id} mock_aws_sns.assert_called_once_with(trace_id, subject, json.dumps(message), topic_arn) # Get data response actual_status_code = actual_response['statusCode'] actual_response_bodys = json.loads(actual_response['body']) # Check data self.assertEqual(HTTPStatus.CREATED, actual_status_code) self.assertEqual(data_pm_check_history, actual_response_bodys)
def test_check_effective_awsaccount_case_error_get_iam_client(self): # create data mock cw_logger = common_utils.begin_cw_logger(trace_id, __name__, inspect.currentframe()) pm_error = PmError() # patch mock patch_begin_cw_logger = patch( "premembers.common.common_utils.begin_cw_logger") patch_create_session_client = patch( "premembers.common.aws_common.create_session_client") patch_get_iam_client = patch( "premembers.common.IAMUtils.get_iam_client") patch_query_awscoop_coop_key = patch( "premembers.repository.pm_awsAccountCoops.query_awscoop_coop_key") patch_write_log_pm_error = patch( 'premembers.common.common_utils.write_log_pm_error') # start mock object mock_begin_cw_logger = patch_begin_cw_logger.start() mock_create_session_client = patch_create_session_client.start() mock_get_iam_client = patch_get_iam_client.start() mock_query_awscoop_coop_key = patch_query_awscoop_coop_key.start() mock_write_log_pm_error = patch_write_log_pm_error.start() # mock object mock_begin_cw_logger.return_value = cw_logger mock_create_session_client.return_value = session mock_get_iam_client.side_effect = pm_error mock_query_awscoop_coop_key.side_effect = None mock_write_log_pm_error.return_value = pm_error # addCleanup stop mock object self.addCleanup(patch_begin_cw_logger.stop) self.addCleanup(patch_create_session_client.stop) self.addCleanup(patch_get_iam_client.stop) self.addCleanup(patch_query_awscoop_coop_key.stop) self.addCleanup(patch_write_log_pm_error.stop) # call function test actual_response = awssecuritychecks_logic.check_effective_awsaccount( trace_id, aws_account, coop_id, role_name, external_id, organization_id, project_id, check_history_id) expect_response = {"TaskResult": "Fail"} # check result self.assertDictEqual(expect_response, actual_response) # check call function write_log_pm_error mock_write_log_pm_error.assert_any_call( pm_error, cw_logger, "CEA_SECURITY-002-" + aws_account)
def execute_delete_organization_user(task_id): pm_logger = common_utils.begin_logger(task_id, __name__, inspect.currentframe()) # タスク情報を取得します。 # タスク情報のステータスチェックを行います。 target = organizationTask_logic.check_process_status(task_id) if target is None: pm_logger.error("組織タスク情報取得に失敗しました。: TaskID=%s", task_id) raise PmError() # タスク情報から処理対象(ユーザーID,組織ID)を取得します。 target = target.split(CommonConst.COMMA) user_id = target[0] organization_id = target[1] # 削除処理 # 組織別通知メール宛先テーブル(PM_OrgNotifyMailDestinations)に組織ID{organization_id}をキーとしてクエリを実行し、対象情報を取得する。 try: org_notify_mail_destinations = pm_orgNotifyMailDestinations.query_key( task_id, organization_id, CommonConst.NOTIFY_CODE) except PmError as e: pm_logger.error("組織別通知メール宛先情報取得に失敗しました。: OrganizationID=%s", organization_id) raise common_utils.write_log_pm_error(e, pm_logger) # キーに合致するレコードが存在しなかった場合 if (not org_notify_mail_destinations): # 処理を正常終了する。 return # 取得したレコードのDestinationsのListデータを編集する。 destinations = jmespath.search( "[?UserID != '{0}']".format(user_id), org_notify_mail_destinations['Destinations']) # 編集後のDestinationsは、組織別通知メール宛先テーブル(PM_OrgNotifyMailDestinations)へ組織ID{organization_id}をキーとしてupdate_itemで更新する。(UpdatedAtも現在日時で更新する) try: if (len(destinations) == 0): # 編集後のDestinationsのListデータが0件になる場合、組織別通知メール宛先テーブル(PM_OrgNotifyMailDestinations)の該当レコードを削除する。 pm_orgNotifyMailDestinations.delete(task_id, organization_id, CommonConst.NOTIFY_CODE) else: attribute = {'Destinations': {"Value": destinations}} pm_orgNotifyMailDestinations.update(task_id, organization_id, CommonConst.NOTIFY_CODE, attribute) except PmError as e: pm_logger.error("組織別通知メール宛先情報の更新に失敗しました。: OrganizationID=%s", organization_id) raise common_utils.write_log_pm_error(e, pm_logger)
def test_send_checkerror_email_case_error_read_decode_get_template_body_mail( self): # patch mock patch_get_organization = patch( "premembers.repository.pm_organizations.get_organization") patch_get_project = patch( "premembers.repository.pm_projects.query_key") patch_get_cognito_user_info_by_user_name = patch( "premembers.common.aws_common.get_cognito_user_info_by_user_name") patch_read_decode = patch("premembers.common.FileUtils.read_decode") # start mock object mock_get_organization = patch_get_organization.start() mock_get_project = patch_get_project.start() mock_get_cognito_user_info_by_user_name = patch_get_cognito_user_info_by_user_name.start( ) mock_read_decode = patch_read_decode.start() # mock data mock_get_organization.side_effect = None mock_get_project.side_effect = None result_mock_read_yaml = mock_common_utils.mock_read_yaml(self, True) mock_get_cognito_user_info_by_user_name.return_value = user_info_cognito mock_read_decode.side_effect = PmError() # addCleanup stop mock object self.addCleanup(patch_get_organization.stop) self.addCleanup(patch_get_project.stop) self.addCleanup(patch_get_cognito_user_info_by_user_name.stop) self.addCleanup(result_mock_read_yaml[1].stop) self.addCleanup(patch_read_decode.stop) # call function test with patch.object(PmLogAdapter, 'error', return_value=None) as mock_method_error: with self.assertRaises(PmError): awschecksBatch_logic.send_checkerror_email( trace_id, aws_account, check_history_id, organization_id, project_id, error_code, execute_user_id, region_name, check_code_item, data_body) # check write log error mock_method_error.assert_any_call( '通知メール本文テンプレートファイルの取得に失敗しました。:s3://premembers-dev-setting/check/notify/mail/notice_error_execute_check_ja.tpl' ) # check param call function mock_read_decode.assert_called_once_with( trace_id, 'S3_SETTING_BUCKET', copy.deepcopy(DataTestS3.PATH_NOTICE_ERROR_EXECUTE_CHECK_JA))
def test_apply_change_email_handler_error_read_file_template(self): # mock object patch_get_cognito_user_pools = patch('premembers.common.aws_common.get_cognito_user_pools') patch_method_error = patch.object(PmLogAdapter, "error") patch_read_decode = patch("premembers.common.FileUtils.read_decode") patch_read_yaml = patch("premembers.common.FileUtils.read_yaml") # start mock object mock_get_cognito_user_pools = patch_get_cognito_user_pools.start() mock_method_error = patch_method_error.start() mock_read_yaml = patch_read_yaml.start() mock_read_decode = patch_read_decode.start() # mock data mock_get_cognito_user_pools.return_value = [] mock_method_error.return_value = None mock_read_yaml.return_value = response_data_config mock_read_decode.side_effect = PmError() # addCleanup stop mock object self.addCleanup(patch_get_cognito_user_pools.stop) self.addCleanup(patch_method_error.stop) self.addCleanup(patch_read_yaml.stop) self.addCleanup(patch_read_decode.stop) # Call function test body = { "mailAddress": mail_after, "callerServiceName": "insightwatch", "mailLang": language_mail_test } event_mock = event_create.get_event_object( trace_id=trace_id, email=mail_before, body=json.dumps(body)) result = user.apply_change_email_handler(event_mock, {}) # Check data mock_method_error.assert_any_call( "メールアドレス変更通知メール本文テンプレートファイルの取得に失敗しました。:s3://%s/%s", common_utils.get_environ(CommonConst.S3_SETTING_BUCKET), "check/notify/mail/insightwatch_apply_change_mail_template_ja.tpl") response_body = json.loads(result['body']) err_s3_702 = MsgConst.ERR_S3_702 self.assertEqual(err_s3_702['code'], response_body['code']) self.assertEqual(err_s3_702['message'], response_body['message']) self.assertEqual(err_s3_702['description'], response_body['description']) self.assertEqual(result['statusCode'], HTTPStatus.INTERNAL_SERVER_ERROR.value)
def test_test_update_status_checkhistory_case_error_update_record_pm_check_history( self): # create data mock cw_logger = common_utils.begin_cw_logger(trace_id, __name__, inspect.currentframe()) pm_error = PmError() # patch mock patch_query_key_pm_check_history = patch( "premembers.repository.pm_checkHistory.query_key") patch_update_pm_check_history = patch( "premembers.repository.pm_checkHistory.update") patch_begin_cw_logger = patch( "premembers.common.common_utils.begin_cw_logger") patch_logger_error = patch.object(CwLogAdapter, "error") patch_write_log_pm_error = patch( "premembers.common.common_utils.write_log_pm_error") # start mock object mock_query_key_pm_check_history = patch_query_key_pm_check_history.start( ) mock_update_pm_check_history = patch_update_pm_check_history.start() mock_begin_cw_logger = patch_begin_cw_logger.start() mock_logger_error = patch_logger_error.start() mock_write_log_pm_error = patch_write_log_pm_error.start() # mock object mock_query_key_pm_check_history.return_value = data_pm_check_history mock_update_pm_check_history.side_effect = pm_error mock_begin_cw_logger.return_value = cw_logger mock_write_log_pm_error.return_value = pm_error # addCleanup stop mock object self.addCleanup(patch_query_key_pm_check_history.stop) self.addCleanup(patch_begin_cw_logger.stop) self.addCleanup(patch_logger_error.stop) self.addCleanup(patch_write_log_pm_error.stop) with self.assertRaises(PmError): # call function test awssecuritychecks_logic.update_status_checkhistory( check_history_id, error_code, check_status) # check log message error mock_logger_error.assert_called_once_with( "チェック履歴情報のステータス更新に失敗しました。: CheckHistoryID=%s", check_history_id) # check call function write_log_pm_error mock_write_log_pm_error.assert_called_once_with(pm_error, cw_logger)
def test_authority_error(self): with patch('premembers.common.checkauthority.check_authority' ) as mock_check_authority: mock_check_authority.side_effect = PmError() response = checkauthority.authority(trace_id, user_id, organization_id, Authority["Owner"]) status_code = response['statusCode'] response_body = json.loads(response['body']) err_402 = MsgConst.ERR_402 self.assertEqual(status_code, HTTPStatus.INTERNAL_SERVER_ERROR.value) self.assertEqual(response_body['code'], err_402['code']) self.assertEqual(response_body['message'], err_402['message']) self.assertEqual(response_body['description'], err_402['description'])
def test_apply_change_email_handler_error_send_mail(self): # mock object patch_get_cognito_user_pools = patch('premembers.common.aws_common.get_cognito_user_pools') patch_method_error = patch.object(PmLogAdapter, "error") patch_read_decode = patch("premembers.common.FileUtils.read_decode") patch_read_yaml = patch("premembers.common.FileUtils.read_yaml") patch_send_email = patch("premembers.common.aws_common.send_email") # start mock object mock_get_cognito_user_pools = patch_get_cognito_user_pools.start() mock_method_error = patch_method_error.start() mock_read_yaml = patch_read_yaml.start() mock_read_decode = patch_read_decode.start() mock_send_email = patch_send_email.start() # mock data mock_get_cognito_user_pools.return_value = [] mock_method_error.return_value = None mock_read_yaml.return_value = response_data_config mock_send_email.side_effect = PmError() mock_read_decode.return_value = template_body_mail # addCleanup stop mock object self.addCleanup(patch_get_cognito_user_pools.stop) self.addCleanup(patch_method_error.stop) self.addCleanup(patch_read_yaml.stop) self.addCleanup(patch_read_decode.stop) self.addCleanup(patch_send_email.stop) # Call function test body = { "mailAddress": mail_after, "callerServiceName": "insightwatch", "mailLang": language_mail_test } event_mock = event_create.get_event_object( trace_id=trace_id, email=mail_before, body=json.dumps(body)) result = user.apply_change_email_handler(event_mock, {}) # Check data mock_method_error.assert_any_call("通知メール送信に失敗しました。") response_body = json.loads(result['body']) err_ses_801 = MsgConst.ERR_SES_801 self.assertEqual(err_ses_801['code'], response_body['code']) self.assertEqual(err_ses_801['message'], response_body['message']) self.assertEqual(err_ses_801['description'], response_body['description']) self.assertEqual(result['statusCode'], HTTPStatus.INTERNAL_SERVER_ERROR.value)
def test_send_checkerror_email_case_error_read_yaml_get_config_setting_mail( self): # patch mock patch_get_organization = patch( "premembers.repository.pm_organizations.get_organization") patch_get_project = patch( "premembers.repository.pm_projects.query_key") patch_get_cognito_user_info_by_user_name = patch( "premembers.common.aws_common.get_cognito_user_info_by_user_name") patch_read_yaml_get_config_setting_mail = patch( "premembers.common.FileUtils.read_yaml") # start mock object mock_get_organization = patch_get_organization.start() mock_get_project = patch_get_project.start() mock_get_cognito_user_info_by_user_name = patch_get_cognito_user_info_by_user_name.start( ) mock_read_yaml_get_config_setting_mail = patch_read_yaml_get_config_setting_mail.start( ) # mock data mock_get_organization.side_effect = None mock_get_project.side_effect = None mock_get_cognito_user_info_by_user_name.side_effect = None mock_read_yaml_get_config_setting_mail.side_effect = PmError() # addCleanup stop mock object self.addCleanup(patch_get_organization.stop) self.addCleanup(patch_get_project.stop) self.addCleanup(patch_get_cognito_user_info_by_user_name.stop) self.addCleanup(patch_read_yaml_get_config_setting_mail.stop) # call function test with patch.object(PmLogAdapter, 'error', return_value=None) as mock_method_error: with self.assertRaises(PmError): awschecksBatch_logic.send_checkerror_email( trace_id, aws_account, check_history_id, organization_id, project_id, error_code, execute_user_id, region_name, check_code_item, data_body) # check write log error mock_method_error.assert_any_call( '通知メール送信設定ファイルの取得に失敗しました。:s3://premembers-dev-setting/check/notify/mail/config.yaml' ) mock_read_yaml_get_config_setting_mail.assert_any_call( trace_id, 'S3_SETTING_BUCKET', copy.deepcopy(DataTestS3.PATH_FILE_CONFIG))
def test_send_checkerror_email_error_send_email(self): # patch mock patch_get_organization = patch( "premembers.repository.pm_organizations.get_organization") patch_get_project = patch( "premembers.repository.pm_projects.query_key") patch_get_cognito_user_info_by_user_name = patch( "premembers.common.aws_common.get_cognito_user_info_by_user_name") patch_read_decode = patch("premembers.common.FileUtils.read_decode") patch_send_email = patch("premembers.common.aws_common.send_email") # start mock object mock_get_organization = patch_get_organization.start() mock_get_project = patch_get_project.start() mock_get_cognito_user_info_by_user_name = patch_get_cognito_user_info_by_user_name.start( ) mock_read_decode = patch_read_decode.start() mock_send_email = patch_send_email.start() # mock data mock_get_organization.side_effect = None mock_get_project.side_effect = None result_mock_read_yaml = mock_common_utils.mock_read_yaml(self, True) mock_get_cognito_user_info_by_user_name.return_value = user_info_cognito mock_read_decode.return_value = copy.deepcopy( DataTestS3.TEMPLATE_NOTICE_ERROR_EXECUTE_CHECK_JA) mock_send_email.side_effect = PmError() # addCleanup stop mock object self.addCleanup(patch_get_cognito_user_info_by_user_name.stop) self.addCleanup(result_mock_read_yaml[1].stop) self.addCleanup(patch_read_decode.stop) self.addCleanup(patch_send_email.stop) # call function test with patch.object(PmLogAdapter, 'error', return_value=None) as mock_method_error: with self.assertRaises(PmError): awschecksBatch_logic.send_checkerror_email( trace_id, aws_account, check_history_id, organization_id, project_id, error_code, execute_user_id, region_name, check_code_item, data_body) # check write log error mock_method_error.assert_any_call('通知メール送信に失敗しました。')