예제 #1
def test_schema_context_validation_type_field():
    """Verify that the schema context restricts the account ``type`` field.

    A manager configured with an allow-list under ``swag.schema_context`` must
    refuse an account whose ``type`` is not listed (``ValidationError``) and
    accept one whose ``type`` is listed.
    """
    from swag_client.backend import SWAGManager
    from swag_client.util import parse_swag_config_options

    permitted_types = ['billing', 'security', 'shared-service', 'service']
    options = {'swag.schema_context': {'type': permitted_types}}
    manager = SWAGManager(**parse_swag_config_options(options))

    data = dict(
        aliases=["test"],
        contacts=["*****@*****.**"],
        description="This is just a test.",
        email="*****@*****.**",
        environment="dev",
        id="012345678910",
        name="testaccount",
        owner="netflix",
        provider="aws",
    )

    # Negative case: a value outside the allow-list must be refused.
    data['type'] = 'bad_type'
    with pytest.raises(ValidationError):
        manager.create(data)

    # Positive case: an allow-listed value comes back as given.
    data['type'] = 'billing'
    created = manager.create(data)
    assert created.get('type') == 'billing'
예제 #2
def test_schema_context_validation_owner_field():
    """Verify that the schema context restricts the account ``owner`` field.

    With an owner allow-list configured under ``swag.schema_context``, creating
    an account owned by an unlisted value must raise ``ValidationError``, while
    a listed owner must be accepted.
    """
    from swag_client.backend import SWAGManager
    from swag_client.util import parse_swag_config_options

    permitted_owners = ['netflix', 'dvd', 'aws', 'third-party']
    options = {'swag.schema_context': {'owner': permitted_owners}}
    manager = SWAGManager(**parse_swag_config_options(options))

    data = dict(
        aliases=["test"],
        contacts=["*****@*****.**"],
        description="This is just a test.",
        email="*****@*****.**",
        id="012345678910",
        name="testaccount",
        environment="test",
        provider="aws",
    )

    # Negative case: an owner outside the allow-list must be refused.
    data['owner'] = 'bad_owner'
    with pytest.raises(ValidationError):
        manager.create(data)

    # Positive case: an allow-listed owner comes back as given.
    data['owner'] = 'netflix'
    created = manager.create(data)
    assert created.get('owner') == 'netflix'
예제 #3
def test_s3_backend_update(s3_bucket_name):
    """Create an account in the S3 backend, change its aliases and read it back."""
    from swag_client.backend import SWAGManager
    from swag_client.util import parse_swag_config_options

    # cache_expires is 0 -- presumably so the read below is not served from a
    # stale cache; confirm against the backend implementation.
    manager = SWAGManager(**parse_swag_config_options({
        'swag.type': 's3',
        'swag.bucket_name': s3_bucket_name,
        'swag.cache_expires': 0,
    }))

    account = dict(
        aliases=['test'],
        contacts=['*****@*****.**'],
        description='LOL, Test account',
        email='*****@*****.**',
        environment='test',
        id='012345678910',
        name='testaccount',
        owner='netflix',
        provider='aws',
        sensitive=False,
    )
    manager.create(account)

    account['aliases'] = ['test', 'prod']
    manager.update(account)

    # The filter expression is assembled by string formatting. That is fine
    # here because the id is a fixed test literal.
    # NOTE(review): code that formats an externally supplied id into such a
    # filter should validate the id first.
    query = "[?id=='{id}']".format(id=account['id'])
    stored = manager.get(query)

    assert stored['aliases'] == ['test', 'prod']
예제 #4
def test_dynamodb_backend_delete(dynamodb_table):
    """Create an account in the DynamoDB backend, delete it, and confirm it is gone."""
    from swag_client.backend import SWAGManager
    from swag_client.util import parse_swag_config_options

    # The dynamodb_table argument is not used in the body; it is requested
    # only so the table exists before the manager is built.
    manager = SWAGManager(**parse_swag_config_options({
        'swag.type': 'dynamodb',
        'swag.namespace': 'accounts',
        'swag.cache_expires': 0,
    }))

    account = dict(
        aliases=['test'],
        contacts=['*****@*****.**'],
        description='LOL, Test account',
        email='*****@*****.**',
        environment='test',
        id='012345678910',
        name='testaccount',
        owner='netflix',
        provider='aws',
        sensitive=False,
    )

    manager.create(account)
    manager.delete(account)

    # A lookup by id must now come back empty/falsy.
    remaining = manager.get("[?id=='012345678910']")
    assert not remaining
예제 #5
def swag_accounts(s3, retry):
    """Create mocked SWAG Accounts.

    Creates the ``SWAG`` bucket through the supplied ``s3`` client, exports the
    ``SWAG_*`` environment variables, and stores one 'test' account that has
    the ``historical`` service enabled for region ``all``. ``retry`` is not
    used in the body.
    """
    from swag_client.backend import SWAGManager
    from swag_client.util import parse_swag_config_options

    bucket_name = 'SWAG'
    data_file = 'accounts.json'
    region = 'us-east-1'
    owner = 'third-party'

    s3.create_bucket(Bucket=bucket_name)

    # NOTE(review): these variables are written to the process environment and
    # are not restored here, so they stay visible to whatever runs afterwards.
    for variable, value in (
        ('SWAG_BUCKET', bucket_name),
        ('SWAG_DATA_FILE', data_file),
        ('SWAG_REGION', region),
        ('SWAG_OWNER', owner),
    ):
        os.environ[variable] = value

    manager = SWAGManager(**parse_swag_config_options({
        'swag.type': 's3',
        'swag.bucket_name': bucket_name,
        'swag.data_file': data_file,
        'swag.region': region,
        'swag.cache_expires': 0,
    }))

    historical_service = {
        'name': 'historical',
        'status': [{'region': 'all', 'enabled': True}],
    }
    account = {
        'aliases': ['test'],
        'contacts': ['*****@*****.**'],
        'description': 'LOL, Test account',
        'email': '*****@*****.**',
        'environment': 'test',
        'id': '012345678910',
        'name': 'testaccount',
        'owner': 'third-party',
        'provider': 'aws',
        'sensitive': False,
        'account_status': 'ready',
        'services': [historical_service],
    }

    manager.create(account)
예제 #6
def test_get_by_name(s3_bucket_name):
    """Exercise ``get_by_name`` against a schema-version-1 account in S3.

    Covers a lookup by name, a lookup of a name that does not exist, and a
    lookup by alias (``alias=True``).
    """
    from swag_client.swag import get_by_name

    from swag_client.backend import SWAGManager
    from swag_client.util import parse_swag_config_options

    legacy_manager = SWAGManager(**parse_swag_config_options({
        'swag.type': 's3',
        'swag.bucket_name': s3_bucket_name,
        'swag.schema_version': 1,
        'swag.cache_expires': 0,
    }))

    metadata = {
        "s3_name": "testaccounts3",
        "cloudtrail_index": "cloudtrail_testaccount[yyyymm]",
        "cloudtrail_kibana_url": "http://testaccount.cloudtrail.dashboard.net",
        "email": "*****@*****.**",
        "account_number": "012345678910",
    }
    record = {
        "bastion": "testaccount.net",
        "metadata": metadata,
        "schema_version": 1,
        "owners": ["*****@*****.**"],
        "email": "*****@*****.**",
        "ours": True,
        "description": "LOL, Test account",
        "cmc_required": False,
        "tags": ["testing"],
        "id": "aws-012345678910",
        "name": "testaccount",
        "type": "aws",
        "alias": ["test"],
    }
    legacy_manager.create(record)

    # Lookup by the account's name.
    by_name = get_by_name('testaccount', s3_bucket_name)
    assert by_name['name'] == 'testaccount'

    # An unknown name must produce a falsy result rather than a match.
    missing = get_by_name('does not exist', s3_bucket_name)
    assert not missing

    # Lookup by alias instead of name.
    by_alias = get_by_name('test', s3_bucket_name, alias=True)
    assert by_alias['metadata']['account_number'] == '012345678910'
예제 #7
def test_get_all_accounts(s3_bucket_name):
    """Exercise ``get_all_accounts`` with and without keyword filters.

    One schema-version-1 account is stored; an unfiltered call, a call
    filtered on ``owners`` and a call filtered on ``bastion`` must each return
    exactly that one account.
    """
    from swag_client.swag import get_all_accounts

    from swag_client.backend import SWAGManager
    from swag_client.util import parse_swag_config_options

    legacy_manager = SWAGManager(**parse_swag_config_options({
        'swag.type': 's3',
        'swag.bucket_name': s3_bucket_name,
        'swag.schema_version': 1,
        'swag.cache_expires': 0,
    }))

    metadata = {
        "s3_name": "testaccounts3",
        "cloudtrail_index": "cloudtrail_testaccount[yyyymm]",
        "cloudtrail_kibana_url": "http://testaccount.cloudtrail.dashboard.net",
        "email": "*****@*****.**",
        "account_number": "012345678910",
    }
    record = {
        "bastion": "test2.net",
        "metadata": metadata,
        "schema_version": 1,
        "owners": ["*****@*****.**"],
        "ours": True,
        "description": "LOL, Test account",
        "cmc_required": False,
        "email": "*****@*****.**",
        "tags": ["testing"],
        "id": "aws-012345678910",
        "name": "testaccount",
        "type": "aws",
        "alias": ["test"],
    }
    legacy_manager.create(record)

    # No filter.
    unfiltered = get_all_accounts(s3_bucket_name)
    assert len(unfiltered['accounts']) == 1

    # Filter on a list-valued field.
    by_owner = get_all_accounts(s3_bucket_name, owners=['*****@*****.**'])
    assert len(by_owner['accounts']) == 1

    # Filter on a scalar field.
    by_bastion = get_all_accounts(s3_bucket_name, bastion="test2.net")
    assert len(by_bastion['accounts']) == 1
예제 #8
def test_s3_backend_delete_v1(s3_bucket_name):
    """Delete a schema-version-1 account from the S3 backend.

    The account count reported by ``get_all()['accounts']`` must go from one
    to zero across the delete.
    """
    from swag_client.backend import SWAGManager
    from swag_client.util import parse_swag_config_options

    legacy_manager = SWAGManager(**parse_swag_config_options({
        'swag.type': 's3',
        'swag.bucket_name': s3_bucket_name,
        'swag.schema_version': 1,
        'swag.cache_expires': 0,
    }))

    metadata = {
        "s3_name": "testaccounts3",
        "cloudtrail_index": "cloudtrail_testaccount[yyyymm]",
        "cloudtrail_kibana_url": "http://testaccount.cloudtrail.dashboard.net",
        "email": "*****@*****.**",
        "account_number": "012345678910",
    }
    services = {
        "rolliepollie": {"enabled": True},
        "awwwdit": {"enabled": True},
    }
    record = {
        "bastion": "testaccount.net",
        "metadata": metadata,
        "schema_version": 1,
        "owners": ["*****@*****.**"],
        "ours": True,
        "email": "*****@*****.**",
        "description": "LOL, Test account",
        "cmc_required": False,
        "tags": ["testing"],
        "id": "aws-012345678910",
        "name": "testaccount",
        "type": "aws",
        "alias": ["test"],
        "services": services,
    }
    legacy_manager.create(record)

    count_before = len(legacy_manager.get_all()['accounts'])
    assert count_before == 1

    legacy_manager.delete(record)

    count_after = len(legacy_manager.get_all()['accounts'])
    assert count_after == 0
예제 #9
def test_file_backend_create(temp_file_name):
    """Create an account through a manager configured with only a data file.

    No ``swag.type`` is given, so whichever backend the options parser selects
    by default is used (presumably the file backend, per the test name).
    """
    from swag_client.backend import SWAGManager
    from swag_client.util import parse_swag_config_options

    manager = SWAGManager(**parse_swag_config_options({
        'swag.data_file': str(temp_file_name),
        'swag.cache_expires': 0,
    }))

    account = dict(
        aliases=['test'],
        contacts=['*****@*****.**'],
        description='LOL, Test account',
        email='*****@*****.**',
        environment='test',
        id='012345678910',
        name='testaccount',
        owner='netflix',
        provider='aws',
        sensitive=False,
    )

    # The store must start out empty.
    assert not manager.get_all()

    created = manager.create(account)

    # The filter is formatted from the id that create() returned, which is
    # test-controlled data here.
    # NOTE(review): validate ids that come from outside before formatting
    # them into a filter expression.
    query = "[?id=='{id}']".format(id=created['id'])
    assert manager.get(query)
예제 #10
def test_s3_backend_delete(s3_bucket_name):
    """Store two accounts in the S3 backend and delete the second one.

    ``get_all()`` must report two entries before the delete and one after.
    """
    from swag_client.backend import SWAGManager
    from swag_client.util import parse_swag_config_options

    manager = SWAGManager(**parse_swag_config_options({
        'swag.type': 's3',
        'swag.bucket_name': s3_bucket_name,
        'swag.cache_expires': 0,
    }))

    def build_account(account_id):
        # A fresh dict (and fresh lists) per call, so the two records share
        # no mutable state; they differ only in their id.
        return {
            'aliases': ['test'],
            'contacts': ['*****@*****.**'],
            'description': 'LOL, Test account',
            'email': '*****@*****.**',
            'environment': 'test',
            'id': account_id,
            'name': 'testaccount',
            'owner': 'netflix',
            'provider': 'aws',
            'sensitive': False,
        }

    first = build_account('012345678910')
    manager.create(first)

    second = build_account('012345678911')
    manager.create(second)

    assert len(manager.get_all()) == 2

    # Only the second record is removed; the first must survive.
    manager.delete(second)
    assert len(manager.get_all()) == 1
예제 #11
def test_region_validation_field(s3_bucket_name):
    """Check schema-version-2 validation of the per-region ``az_mapping`` value.

    The first create passes a list for ``regions['us-east-1']['az_mapping']``
    and is expected to raise ``ValidationError``; once that value is replaced
    by a dict, the same record must be accepted.
    """
    from swag_client.backend import SWAGManager
    from swag_client.util import parse_swag_config_options

    manager = SWAGManager(**parse_swag_config_options({
        'swag.type': 's3',
        'swag.bucket_name': s3_bucket_name,
        'swag.schema_version': 2,
        'swag.cache_expires': 0,
    }))

    region_entry = {"status": "created", "az_mapping": []}
    data = {
        "aliases": ["test"],
        "contacts": ["*****@*****.**"],
        "description": "This is just a test.",
        "email": "*****@*****.**",
        "id": "012345678910",
        "name": "testaccount",
        "environment": "test",
        "provider": "aws",
        "status": [{"region": "us-west-2", "status": "created", "notes": []}],
        "account_status": "created",
        "regions": {"us-east-1": region_entry},
    }

    # Negative case: az_mapping given as a list must be refused.
    with pytest.raises(ValidationError):
        manager.create(data)

    # Positive case: the only change is az_mapping becoming a dict.
    data['regions']['us-east-1']['az_mapping'] = {}
    created = manager.create(data)
    assert created.get('account_status') == 'created'
예제 #12
def propagate(ctx):
    """Transfers SWAG data from one backend to another.

    Only a ``file`` source is read here: for any other ``ctx.type`` nothing is
    loaded and therefore nothing is created. The destination is always a
    manager built with ``swag.type`` set to ``dynamodb``.

    Args:
        ctx: Object exposing ``type``, ``data_file``, ``data_dir``,
            ``namespace`` and ``dry_run``.
    """
    items = []
    if ctx.type == 'file':
        # An explicit data file wins over the <data_dir>/<namespace>.json default.
        source_path = ctx.data_file or os.path.join(
            ctx.data_dir, ctx.namespace + '.json')

        with open(source_path, 'r') as handle:
            items = json.load(handle)

    # No table, namespace or region is set here, so the destination depends on
    # the manager's defaults and the ambient AWS configuration.
    target = SWAGManager(**parse_swag_config_options({'swag.type': 'dynamodb'}))

    # NOTE(review): entries are passed on exactly as read from the file; this
    # function does no validation of its own and relies on create() for it.
    for entry in items:
        # Fixed two-second pause before every write -- presumably to stay
        # under the table's write capacity; confirm.
        time.sleep(2)
        target.create(entry, dry_run=ctx.dry_run)
예제 #13
def dynamodb_table(aws_credentials):
    """Yield while a mocked DynamoDB ``accounts`` table, seeded from vectors, is live.

    Inside ``mock_dynamodb2()`` an ``accounts`` table keyed on the string
    attribute ``id`` is created, every record from ``vectors/accounts.json``
    (next to this file) is stored through a DynamoDB-backed manager, and
    control is then yielded with the mock still active. ``aws_credentials``
    is not used in the body.
    """
    from swag_client.backend import SWAGManager
    from swag_client.util import parse_swag_config_options

    table_name = 'accounts'

    with mock_dynamodb2():
        dynamodb = boto3.resource('dynamodb', region_name='us-east-1')

        table = dynamodb.create_table(
            TableName=table_name,
            KeySchema=[{'AttributeName': 'id', 'KeyType': 'HASH'}],
            AttributeDefinitions=[{'AttributeName': 'id', 'AttributeType': 'S'}],
            ProvisionedThroughput={'ReadCapacityUnits': 1, 'WriteCapacityUnits': 1},
        )

        # Block until the table is reported as existing before writing to it.
        table.meta.client.get_waiter('table_exists').wait(TableName=table_name)

        manager = SWAGManager(**parse_swag_config_options({
            'swag.type': 'dynamodb',
            'swag.namespace': table_name,
            'swag.cache_expires': 0,
        }))

        # Seed data is resolved relative to this file, not the working directory.
        here = os.path.dirname(os.path.realpath(__file__))
        vectors_path = os.path.join(here, 'vectors/accounts.json')

        with open(vectors_path, 'r') as handle:
            seed_accounts = json.load(handle)

        for entry in seed_accounts:
            manager.create(entry)

        yield
예제 #14
파일: conftest.py 프로젝트: jedmitten/diffy
def swag_accounts(s3):
    """Create the ``SWAG`` bucket and store one mocked 'test' account in it.

    The bucket is created through the supplied ``s3`` client, the ``SWAG_*``
    environment variables are exported, and a single third-party-owned account
    with an empty ``services`` list is written through an S3-backed manager.
    """
    from swag_client.backend import SWAGManager
    from swag_client.util import parse_swag_config_options

    bucket_name = 'SWAG'
    data_file = 'accounts.json'
    region = 'us-east-1'
    owner = 'third-party'

    s3.create_bucket(Bucket=bucket_name)

    # NOTE(review): these variables are written to the process environment and
    # are not restored here, so they stay visible to whatever runs afterwards.
    for variable, value in (
        ('SWAG_BUCKET', bucket_name),
        ('SWAG_DATA_FILE', data_file),
        ('SWAG_REGION', region),
        ('SWAG_OWNER', owner),
    ):
        os.environ[variable] = value

    manager = SWAGManager(**parse_swag_config_options({
        'swag.type': 's3',
        'swag.bucket_name': bucket_name,
        'swag.data_file': data_file,
        'swag.region': region,
        'swag.cache_expires': 0,
    }))

    account = dict(
        aliases=['test'],
        contacts=['*****@*****.**'],
        description='LOL, Test account',
        email='*****@*****.**',
        environment='test',
        id='012345678910',
        name='testaccount',
        owner='third-party',
        provider='aws',
        sensitive=False,
        services=[],
    )

    manager.create(account)
예제 #15
def swag_accounts(s3):
    """Create the ``SWAG`` bucket and store one mocked 'test' account in it.

    The bucket is created through the supplied ``s3`` client, the ``SWAG_*``
    environment variables are exported, and a single third-party-owned account
    with an empty ``services`` list is written through an S3-backed manager.
    """
    from swag_client.backend import SWAGManager
    from swag_client.util import parse_swag_config_options

    bucket_name = "SWAG"
    data_file = "accounts.json"
    region = "us-east-1"
    owner = "third-party"

    s3.create_bucket(Bucket=bucket_name)

    # NOTE(review): these variables are written to the process environment and
    # are not restored here, so they stay visible to whatever runs afterwards.
    exported = (
        ("SWAG_BUCKET", bucket_name),
        ("SWAG_DATA_FILE", data_file),
        ("SWAG_REGION", region),
        ("SWAG_OWNER", owner),
    )
    for variable, value in exported:
        os.environ[variable] = value

    options = parse_swag_config_options(
        {
            "swag.type": "s3",
            "swag.bucket_name": bucket_name,
            "swag.data_file": data_file,
            "swag.region": region,
            "swag.cache_expires": 0,
        }
    )
    manager = SWAGManager(**options)

    account = dict(
        aliases=["test"],
        contacts=["*****@*****.**"],
        description="LOL, Test account",
        email="*****@*****.**",
        environment="test",
        id="012345678910",
        name="testaccount",
        owner="third-party",
        provider="aws",
        sensitive=False,
        services=[],
    )

    manager.create(account)
예제 #16
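def test_get_only_test_accounts(swag_accounts):
    """Tests that the SWAG logic will only return 'test' accounts if specified.

    A 'prod' account is added next to whatever the ``swag_accounts`` fixture
    stored (the assertions expect exactly one earlier 'test' account). The
    ``TEST_ACCOUNTS_ONLY`` environment variable is then toggled to check that
    'True' filters the result down to the test account, that '' and 'false'
    do not filter, and that an account whose ``account_status`` is 'deleted'
    is left out.

    ``TEST_ACCOUNTS_ONLY`` is put back to its prior state on exit, including
    when an assertion fails, so the filter flag cannot leak into later tests.
    """
    from historical.common.accounts import get_historical_accounts

    # Setup:
    bucket_name = 'SWAG'
    data_file = 'accounts.json'
    region = 'us-east-1'
    owner = 'third-party'

    os.environ['SWAG_BUCKET'] = bucket_name
    os.environ['SWAG_DATA_FILE'] = data_file
    os.environ['SWAG_REGION'] = region
    os.environ['SWAG_OWNER'] = owner

    swag_opts = {
        'swag.type': 's3',
        'swag.bucket_name': bucket_name,
        'swag.data_file': data_file,
        'swag.region': region,
        'swag.cache_expires': 0
    }

    swag = SWAGManager(**parse_swag_config_options(swag_opts))

    # Production account:
    account = {
        'aliases': ['prod'],
        'contacts': ['*****@*****.**'],
        'description': 'LOL, PROD account',
        'email': '*****@*****.**',
        'environment': 'prod',
        'id': '999999999999',
        'name': 'prodaccount',
        'owner': 'third-party',
        'provider': 'aws',
        'sensitive': False,
        'account_status': 'ready',
        'services': [{
            'name': 'historical',
            'status': [{
                'region': 'all',
                'enabled': True
            }]
        }]
    }
    swag.create(account)

    # Remember the flag's state so the finally block can restore it.
    previous_flag = os.environ.get('TEST_ACCOUNTS_ONLY')
    try:
        # Get all the swag accounts:
        result = get_historical_accounts()
        assert len(result) == 2

        # NOTE(review): indexing result[1] assumes the prod account is
        # returned after the fixture's account -- confirm the ordering is stable.
        assert result[1]['environment'] == 'prod'
        assert result[1]['id'] == '999999999999'

        # Only test accounts:
        os.environ['TEST_ACCOUNTS_ONLY'] = 'True'
        result = get_historical_accounts()
        assert len(result) == 1
        assert result[0]['environment'] == 'test'
        assert result[0]['id'] != '999999999999'

        # Test the boolean logic: an empty string and 'false' must both
        # leave the filter off.
        os.environ['TEST_ACCOUNTS_ONLY'] = ''
        result = get_historical_accounts()
        assert len(result) == 2

        os.environ['TEST_ACCOUNTS_ONLY'] = 'false'
        result = get_historical_accounts()
        assert len(result) == 2

        # Make sure that disabled/deleted accounts are not in the results:
        account['account_status'] = 'deleted'
        swag.update(account)
        result = get_historical_accounts()
        assert len(result) == 1
    finally:
        # Undo the flag changes even if an assertion above failed.
        if previous_flag is None:
            os.environ.pop('TEST_ACCOUNTS_ONLY', None)
        else:
            os.environ['TEST_ACCOUNTS_ONLY'] = previous_flag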