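def test_create_aws_clount_fails_same_aws_account_different_arn(
            self, mock_enable, mock_notify_sources):
        """
        Test create_aws_cloud_account fails with same AWS Account and different ARN.

        The second ARN is generated for the same AWS account ID as the first
        one but with a different resource. The call is expected to raise a
        ValidationError whose "account_arn" entry carries the CG1002 code.

        If we ever change cloudigrade to support multiple ARNs in the same AWS Account,
        this test and its underlying logic must be rewritten.
        """
        # The first call just creates the existing objects.
        util.create_aws_cloud_account(self.user, self.arn, self.name,
                                      self.auth_id, self.app_id,
                                      self.source_id)

        # A fresh name for the second account. Only a local is bound, so the
        # fixture's self.name keeps the value the first account was made with.
        other_name = _faker.word()
        other_arn = util_helper.generate_dummy_arn(
            account_id=self.aws_account_id, resource=_faker.word())
        # Guard against the generator handing back the very same ARN, which
        # would turn this into the duplicate-ARN case instead.
        self.assertNotEqual(self.arn, other_arn)

        with self.assertRaises(ValidationError) as raise_context:
            util.create_aws_cloud_account(
                self.user,
                other_arn,
                other_name,
                self.auth_id,
                self.app_id,
                self.source_id,
            )
        exception_detail = raise_context.exception.detail
        self.assertIn("account_arn", exception_detail)
        self.assertIn("Could not set up cloud metering.",
                      exception_detail["account_arn"])
        self.assertIn("CG1002", exception_detail["account_arn"])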
    def test_create_aws_clount_fails_with_same_user_same_name(
            self, mock_enable, mock_notify_sources):
        """
        Test create_aws_cloud_account rejects a name the same user already uses.

        The second attempt reuses the user and the name but supplies a new ARN
        and new platform IDs. It is expected to raise a ValidationError whose
        "name" entry carries the CG1003 code.
        """
        # Seed the account whose name is about to be reused.
        util.create_aws_cloud_account(
            self.user, self.arn, self.name,
            self.auth_id, self.app_id, self.source_id,
        )

        # Everything except the user and the name differs on the second call.
        duplicate_name_args = (
            self.user,
            util_helper.generate_dummy_arn(),
            self.name,
            _faker.pyint(),
            _faker.pyint(),
            _faker.pyint(),
        )

        with self.assertRaises(ValidationError) as raise_context:
            util.create_aws_cloud_account(*duplicate_name_args)

        detail = raise_context.exception.detail
        self.assertIn("name", detail)
        self.assertIn("Could not set up cloud metering.", detail["name"])
        self.assertIn("CG1003", detail["name"])
    def test_create_aws_clount_success(self, mock_enable):
        """Test create_aws_cloud_account completes and the enable mock is called."""
        creation_args = (
            self.user,
            self.arn,
            self.name,
            self.auth_id,
            self.app_id,
            self.source_id,
        )
        util.create_aws_cloud_account(*creation_args)

        # mock_enable is presumably supplied by a patch decorator that sits
        # outside this block; the test only checks that it was invoked.
        mock_enable.assert_called()
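    def test_create_aws_clount_fails_with_different_user_same_account_id(
            self, mock_enable, mock_notify_sources):
        """
        Test create_aws_cloud_account failure message for different user.

        A second user submits a different ARN that belongs to the AWS account
        ID the first user already registered. The call must raise a
        ValidationError, and the message under "account_arn" must not contain
        the CG1002 code.
        """
        # The first call just creates the existing objects.
        util.create_aws_cloud_account(self.user, self.arn, self.name,
                                      self.auth_id, self.app_id,
                                      self.source_id)

        other_arn = util_helper.generate_dummy_arn(
            account_id=self.aws_account_id, resource=_faker.word())
        other_auth_id = _faker.pyint()
        other_app_id = _faker.pyint()
        other_source_id = _faker.pyint()
        other_user = util_helper.generate_test_user()

        with self.assertRaises(ValidationError) as raise_context:
            util.create_aws_cloud_account(
                other_user,
                other_arn,
                self.name,
                other_auth_id,
                other_app_id,
                other_source_id,
            )
        exception_detail = raise_context.exception.detail
        # Check the key first, as the sibling tests do, so a missing entry
        # fails the assertion instead of raising KeyError on the lookups below.
        self.assertIn("account_arn", exception_detail)
        self.assertIn("Could not set up cloud metering.",
                      exception_detail["account_arn"])
        # NOTE(review): presumably CG1002 is withheld here so that one user
        # cannot learn that another user already registered this AWS account;
        # confirm against the error code definitions.
        self.assertNotIn("CG1002", exception_detail["account_arn"])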
def configure_customer_aws_and_create_cloud_account(username, customer_arn,
                                                    authentication_id,
                                                    application_id, source_id):
    """
    Configure the customer's AWS account and create our CloudAccount.

    The three handled failures (unknown user, unparsable ARN, and a
    ValidationError from account creation) are logged and end the call
    without raising. The first two also send a notification via the
    matching error code (CG1000 and CG1004).

    According to the original documentation, this function is decorated to
    retry if an unhandled `RuntimeError` is raised, which is the exception
    raised in `rewrap_aws_errors` on an unexpected error from AWS, so it
    should keep retrying if AWS is misbehaving. The decorator itself is
    applied outside this block.

    Args:
        username (str): Username of the user that will own the new cloud account
        customer_arn (str): customer's ARN
        authentication_id (str): Platform Sources' Authentication object id
        application_id (str): Platform Sources' Application object id
        source_id (str): Platform Sources' Source object id
    """
    # Resolve the owner first; without a matching user nothing else runs.
    try:
        owner = User.objects.get(username=username)
    except User.DoesNotExist:
        unknown_user = error_codes.CG1000
        unknown_user.log_internal_message(
            logger,
            {"application_id": application_id, "username": username},
        )
        unknown_user.notify(username, application_id)
        return

    # The ARN is supplied from outside, so it is parsed before any use. A
    # malformed value ends the call with CG1004 instead of propagating.
    try:
        aws_account_id = aws.AwsArn(customer_arn).account_id
    except InvalidArn:
        bad_arn = error_codes.CG1004
        bad_arn.log_internal_message(logger, {"application_id": application_id})
        bad_arn.notify(username, application_id)
        return

    account_name = get_standard_cloud_account_name("aws", aws_account_id)

    # NOTE(review): a ValidationError is only logged at info level here; the
    # user-facing notification is presumably sent inside
    # create_aws_cloud_account. Confirm against that function.
    try:
        create_aws_cloud_account(
            owner,
            customer_arn,
            account_name,
            authentication_id,
            application_id,
            source_id,
        )
    except ValidationError as e:
        logger.info("Unable to create cloud account: error %s", e.detail)
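    def test_create_aws_clount_fails_with_same_arn_same_user(
            self, mock_enable, mock_notify_sources):
        """
        Test create_aws_cloud_account failure message for same user.

        The same user submits the already registered ARN again under a new
        name. The call must raise a ValidationError whose "account_arn" entry
        carries the CG1001 code.
        """
        # The first call just creates the existing objects.
        util.create_aws_cloud_account(self.user, self.arn, self.name,
                                      self.auth_id, self.app_id,
                                      self.source_id)

        # Only a local is bound, so the fixture's self.name keeps the value
        # the first account was created with.
        other_name = _faker.word()
        with self.assertRaises(ValidationError) as raise_context:
            util.create_aws_cloud_account(
                self.user,
                self.arn,
                other_name,
                self.auth_id,
                self.app_id,
                self.source_id,
            )
        exception_detail = raise_context.exception.detail
        self.assertIn("account_arn", exception_detail)
        self.assertIn("Could not set up cloud metering.",
                      exception_detail["account_arn"])
        self.assertIn("CG1001", exception_detail["account_arn"])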
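    def test_create_aws_clount_fails_with_same_arn_different_user(
            self, mock_enable, mock_notify_sources):
        """
        Test create_aws_cloud_account fails with same ARN and a different user.

        A second user submits the ARN the first user already registered. The
        call must raise a ValidationError, and the message under
        "account_arn" must not contain the CG1002 code.
        """
        # The first call just creates the existing objects.
        util.create_aws_cloud_account(self.user, self.arn, self.name,
                                      self.auth_id, self.app_id,
                                      self.source_id)

        other_user = util_helper.generate_test_user()
        # Only a local is bound, so the fixture's self.name keeps the value
        # the first account was created with.
        other_name = _faker.word()

        with self.assertRaises(ValidationError) as raise_context:
            util.create_aws_cloud_account(
                other_user,
                self.arn,
                other_name,
                self.auth_id,
                self.app_id,
                self.source_id,
            )
        exception_detail = raise_context.exception.detail
        self.assertIn("account_arn", exception_detail)
        self.assertIn("Could not set up cloud metering.",
                      exception_detail["account_arn"])
        # NOTE(review): the same-user duplicate-ARN test expects CG1001, yet
        # this test only rules out CG1002. If the intent is that a different
        # user must not learn the ARN is already registered, confirm whether
        # CG1001 should be excluded here as well.
        self.assertNotIn("CG1002", exception_detail["account_arn"])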
    def create_aws_cloud_account(self, validated_data):
        """
        Create an AWS flavored CloudAccount.

        Reads the ARN, name and platform IDs from ``validated_data`` and hands
        them, together with the requesting user, to the module-level
        ``create_aws_cloud_account`` function. Per the original documentation,
        that step validates that we have the right access to the customer's
        AWS account and sets up CloudTrail on it; that logic is not part of
        this method.

        Args:
            validated_data (dict): must contain "account_arn"; "name" and the
                three "platform_*_id" keys are optional and default to None.

        Returns:
            Whatever the module-level create_aws_cloud_account returns.
        """
        account_arn = validated_data["account_arn"]
        # The owner is taken from the request in the serializer context and
        # is never read from the submitted payload.
        requesting_user = self.context["request"].user
        # Inside a method body the bare name resolves to the module-level
        # function, not to this method of the same name.
        return create_aws_cloud_account(
            requesting_user,
            account_arn,
            validated_data.get("name"),
            validated_data.get("platform_authentication_id"),
            validated_data.get("platform_application_id"),
            validated_data.get("platform_source_id"),
        )