def setUp(self, mock_org_dao, mock_folder_dao, mock_project_dao): mock_org_dao.return_value = None mock_folder_dao.return_value = None mock_project_dao.return_value = None self.org_res_rel_dao = org_resource_rel_dao.OrgResourceRelDao({}) # TODO: move this to separate module self.fake_org = organization.Organization( organization_id=1, display_name='Org 1') self.fake_folder1 = folder.Folder( folder_id=11, display_name='Folder 1', parent=self.fake_org) self.fake_folder2 = folder.Folder( folder_id=22, display_name='Folder 2', parent=self.fake_folder1) self.fake_project1 = project.Project( project_number=111, project_id='project-1', display_name='Project 1', parent=self.fake_folder2) self.fake_timestamp = '1234567890'
def get_folder_iam_policies(self, resource_name, timestamp): """Get the folder policies. This does not raise any errors if there's a database or json parse error because we want to return as many folders as possible. Args: resource_name (str): The resource type. timestamp (str): The timestamp of the snapshot. Returns: dict: A dict keyed by the folders (gcp_type.folder.Folder) and their iam policies (dict). """ folder_iam_policies = {} query = select_data.FOLDER_IAM_POLICIES.format(timestamp, timestamp) rows = self.execute_sql_with_fetch(resource_name, query, ()) for row in rows: try: folder = gcp_folder.Folder( folder_id=row.get('folder_id'), display_name=row.get('display_name'), lifecycle_state=row.get('lifecycle_state'), parent=resource_util.create_resource( resource_id=row.get('parent_id'), resource_type=row.get('parent_type'))) iam_policy = json.loads(row.get('iam_policy')) folder_iam_policies[folder] = iam_policy except ValueError: LOGGER.warn('Error parsing json:\n %s', row.get('iam_policy')) return folder_iam_policies
def test_get_folder_iam_policies(self): """Test that get_folder_iam_policies() returns expected data. Setup: Create magic mock for execute_sql_with_fetch(). Create fake row of folder data. Expect: * get_folder_iam_policies() call returns expected data: a dict of Folders and their IAM policies. """ folder_id = self.fake_folders_db_rows[0]['folder_id'] iam_policy = {'role': 'roles/something', 'members': ['user:[email protected]']} fake_folder_iam_policies = [{ 'folder_id': folder_id, 'display_name': 'folder1', 'lifecycle_state': 'ACTIVE', 'parent_id': None, 'parent_type': None, 'iam_policy': json.dumps(iam_policy) }] self.fetch_mock.return_value = fake_folder_iam_policies actual = self.folder_dao.get_folder_iam_policies( self.resource_name, self.fake_timestamp) folder = gcp_folder.Folder(folder_id) expected = {folder: iam_policy} self.assertEqual(expected, actual)
def setUp(self): """Set up.""" self.fake_timestamp = '12345' self.org789 = Organization('778899', display_name='My org') self.project1 = Project('my-project-1', 12345, display_name='My project 1', parent=self.org789) self.project2 = Project('my-project-2', 12346, display_name='My project 2') self.folder1 = folder.Folder('333', display_name='Folder 1', parent=self.org789) self.project3 = Project('my-project-3', 12347, display_name='My project 3', parent=self.folder1) # patch the organization resource relation dao self.patcher = mock.patch( 'google.cloud.security.common.data_access.org_resource_rel_dao.OrgResourceRelDao' ) self.mock_org_rel_dao = self.patcher.start() self.mock_org_rel_dao.return_value = None
def test_retrieve_error_logged_when_api_error(self, mock_logger): """Test that LOGGER.error() is called when there is an API error.""" self.mock_dao.get_folders.return_value = [folder.Folder(self.fake_id)] self.pipeline.api_client.get_folder_iam_policies.side_effect = ( api_errors.ApiExecutionError('11111', mock.MagicMock())) results = self.pipeline._retrieve() self.assertEqual([], results) self.assertEqual(1, mock_logger.error.call_count)
def test_api_is_called_to_retrieve_folder_policies(self): """Test that api is called to retrieve folder policies.""" self.mock_dao.get_folders.return_value = [folder.Folder(self.fake_id)] self.pipeline._retrieve() self.pipeline.api_client \ .get_folder_iam_policies.assert_called_once_with( self.pipeline.RESOURCE_NAME, self.fake_id)
def test_get_folder_policies_works(self, mock_dao): """Test that get_folder_iam_policies() works.""" fake_folder_policies = [{ folder.Folder('11111'): { 'role': 'roles/a', 'members': ['user:[email protected]', 'group:[email protected]'] } }] mock_dao.FolderDao({}).get_folder_iam_policies.return_value = ( fake_folder_policies) policies = self.scanner._get_folder_iam_policies() self.assertEqual(fake_folder_policies, policies)
def test_create_folder_getters_are_correct(self): """Test whether the Folder getter methods return expected data.""" my_folder_id = '123456' my_folder_name = 'My folder name' f1 = folder.Folder(my_folder_id, display_name=my_folder_name, lifecycle_state=folder.FolderLifecycleState.ACTIVE) self.assertEqual(my_folder_id, f1.id) self.assertEqual( folder.Folder.RESOURCE_NAME_FMT % my_folder_id, f1.name) self.assertEqual(my_folder_name, f1.display_name) self.assertEqual(resource.ResourceType.FOLDER, f1.type) self.assertEqual(None, f1.parent) self.assertEqual(folder.FolderLifecycleState.ACTIVE, f1.lifecycle_state)
def test_org_notequals_project(self): """Test that an Organization != Project.""" proj_id = 'my-project-1' proj_num = 1234567890 proj_name = 'My project 1' project1 = Project(proj_id, proj_num, display_name=proj_name) folder_id = '88888' folder_name = 'My folder' folder1 = folder.Folder(folder_id, display_name=folder_name) org_id = '1234567890' org_name = 'My org 1' org1 = Organization(org_id, display_name=org_name) self.assertTrue(org1 != project1) self.assertTrue(org1 != folder1)
def map_row_to_object(row): """Instantiate a Folder from a database row. TODO: Make this go away when we start using an ORM. Args: row (dict): The database row to map to the Folder object. Returns: Folder: A Folder from the database row. """ return gcp_folder.Folder(folder_id=row.get('folder_id'), name=row.get('name'), display_name=row.get('display_name'), lifecycle_state=row.get('lifecycle_state'), parent=resource_util.create_resource( resource_id=row.get('parent_id'), resource_type=row.get('parent_type')))
def setUp(self): self.folder1 = folder.Folder( '12345', display_name='My folder', lifecycle_state=folder.FolderLifecycleState.ACTIVE)