def test_patch_iam_policy_with_owner(self): """Test that we set the right values for project parent""" env = copy.deepcopy(self.default_env) properties = copy.deepcopy(self.default_properties) context = Context(env, properties) resources = p.GenerateConfig(context)['resources'] expected_patch = { 'add': [{ 'role': 'roles/owner', 'members': [ 'serviceAccount:$(ref.my-project.projectNumber)' '@cloudservices.gserviceaccount.com' ] }], 'remove': [] } patch_action = [ resource for resource in resources if resource['name'] == 'patch-iam-policy-my-project'] self.assertEquals( expected_patch, patch_action[0]['properties']['gcpIamPolicyPatch']) del properties['set-dm-service-account-as-owner'] context = Context(env, properties) resources = p.GenerateConfig(context)['resources'] patch_action = [ resource for resource in resources if resource['name'] == 'set-dm-service-account-as-owner'] self.assertEquals([], patch_action)
def test_generateconfig_sets_project_parent(self): """Test that we set the right values for project parent""" env = copy.deepcopy(self.default_env) properties = copy.deepcopy(self.default_properties) context = Context(env, properties) resources = p.GenerateConfig(context)['resources'] expected_project_parent = { 'type': 'organization', 'id': "1234" } project_resource = [ resource for resource in resources if resource.get('type') == 'cloudresourcemanager.v1.project'] self.assertEquals( expected_project_parent, project_resource[0]['properties']['parent']) properties['parent-folder-id'] = "1234" del properties['organization-id'] context = Context(env, properties) resources = p.GenerateConfig(context)['resources'] expected_project_parent = { 'type': 'folder', 'id': "1234" } project_resource = [ resource for resource in resources if resource.get('type') == 'cloudresourcemanager.v1.project'] self.assertEquals( expected_project_parent, project_resource[0]['properties']['parent'])
def test_patch_iam_policy_containing_default_dm_as_owner_already(self): """Test IAM patching correctly merges in the default DM service account to the owner role only once""" env = copy.deepcopy(self.default_env) properties = copy.deepcopy(self.default_properties) properties['iam-policy-patch'] = { 'add': [{ 'role': 'roles/owner', 'members': [ 'serviceAccount:$(ref.my-project.projectNumber)' '@cloudservices.gserviceaccount.com' ] }] } context = Context(env, properties) resources = p.GenerateConfig(context)['resources'] expected_patch = { 'add': [{ 'role': 'roles/owner', 'members': [ 'serviceAccount:$(ref.my-project.projectNumber)' '@cloudservices.gserviceaccount.com' ] }], 'remove': [] } patch_action = [ resource for resource in resources if resource['name'] == 'patch-iam-policy-my-project'] self.assertEquals( expected_patch, patch_action[0]['properties']['gcpIamPolicyPatch'])
def test_generateconfig_fails_if_neither_folder_nor_org_present(self): """Test that we sys.exit() if both the parents are present""" env = copy.deepcopy(self.default_env) properties = copy.deepcopy(self.default_properties) del properties['organization-id'] context = Context(env, properties) with self.assertRaises(SystemExit) as cm: p.GenerateConfig(context) self.assertEqual(cm.exception.code, ('Invalid [organization-id, parent-folder-id], ' 'must specify exactly one.'))
def test_patch_iam_policy_without_default_dm(self): """Test IAM patching correctly adds and removes service accounts without merging in the DM service account to the owner role""" env = copy.deepcopy(self.default_env) properties = copy.deepcopy(self.default_properties) del properties['set-dm-service-account-as-owner'] properties['iam-policy-patch'] = { 'add': [{ 'role': 'roles/owner', 'members': [ 'user:[email protected]', ] }], 'remove': [{ 'role': 'roles/editor', 'members': [ 'serviceAccount:[email protected]', ] }] } context = Context(env, properties) resources = p.GenerateConfig(context)['resources'] expected_patch = { 'add': [{ 'role': 'roles/owner', 'members': [ 'user:[email protected]', ] }], 'remove': [{ 'role': 'roles/editor', 'members': [ 'serviceAccount:[email protected]', ] }] } patch_action = [ resource for resource in resources if resource['name'] == 'patch-iam-policy-my-project'] self.assertEquals( expected_patch, patch_action[0]['properties']['gcpIamPolicyPatch'])