def test_org_notequals_other_org_is_true(self):
"""Test inequality of an Organization to another."""
id_1 = '1234567890'
name_1 = 'My org 1'
org1 = Organization(id_1, org_name=name_1)
id_2 = '1234567891'
name_2 = 'My org 2'
org2 = Organization(id_2, org_name=name_2)
self.assertTrue(org1 != org2)
def test_not_equals(self):
"""Test inequality of an Organization to another."""
id_1 = '1234567890'
name_1 = 'My org 1'
org1 = Organization(id_1, display_name=name_1)
id_2 = '1234567891'
name_2 = 'My org 2'
org2 = Organization(id_2, display_name=name_2)
self.assertTrue(org1 != org2)
def setUp(self):
"""Set up."""
self.maxDiff = None
self.fake_timestamp = '12345'
self.org789 = Organization('778899', display_name='My org')
self.project1 = Project('my-project-1',
12345,
display_name='My project 1',
parent=self.org789)
self.project2 = Project('my-project-2',
12346,
display_name='My project 2')
# patch the daos
self.org_patcher = mock.patch(
'google.cloud.security.common.data_access.'
'org_resource_rel_dao.OrgResourceRelDao')
self.mock_org_rel_dao = self.org_patcher.start()
self.mock_org_rel_dao.return_value = None
self.project_patcher = mock.patch(
'google.cloud.security.common.data_access.'
'project_dao.ProjectDao')
self.mock_project_dao = self.project_patcher.start()
self.mock_project_dao.return_value = None
def setUp(self):
"""Set up."""
self.fake_timestamp = '12345'
self.org789 = Organization('778899', display_name='My org')
self.project1 = Project('my-project-1',
12345,
display_name='My project 1',
parent=self.org789)
self.project2 = Project('my-project-2',
12346,
display_name='My project 2')
self.folder1 = folder.Folder('333',
display_name='Folder 1',
parent=self.org789)
self.project3 = Project('my-project-3',
12347,
display_name='My project 3',
parent=self.folder1)
# patch the organization resource relation dao
self.patcher = mock.patch(
'google.cloud.security.common.data_access.org_resource_rel_dao.OrgResourceRelDao'
)
self.mock_org_rel_dao = self.patcher.start()
self.mock_org_rel_dao.return_value = None
def get_org_iam_policies(self, timestamp):
"""Get the organization policies.
Args:
timestamp: The timestamp of the snapshot.
Returns:
A dict keyed by the organizations
(gcp_type.organization.Organization) and their iam policies (dict).
"""
org_iam_policies = {}
try:
cursor = self.conn.cursor()
cursor.execute(select_data.ORG_IAM_POLICIES.format(timestamp))
rows = cursor.fetchall()
for row in rows:
try:
org = Organization(organization_id=row[0])
iam_policy = json.loads(row[1])
org_iam_policies[org] = iam_policy
except ValueError as json_error:
self.logging.warn('Error parsing json {}'.format(row[2]))
except (DataError, IntegrityError, InternalError, NotSupportedError,
OperationalError, ProgrammingError) as e:
LOGGER.error(MySQLError('organizations', e))
return org_iam_policies
def test_create_resource_is_ok(self):
"""Test the ResourceUtil.create_resource() creates the types."""
expect_org = Organization(12345, 'Org a')
actual_org = ResourceUtil.create_resource(12345, 'Org a')
self.assertEqual(expect_org, actual_org)
expect_proj = Project('abcd', 'Proj a')
actual_proj = ResourceUtil.create_resource('abcd', 'Proj a')
self.assertEqual(expect_proj, expect_proj)
def test_project_ancestors_include_self(self):
"""Test Project ancestors when including self."""
org = Organization('1234567890', org_name='My org name')
project = Project('my-project-id',
333,
project_name='My project',
parent=org)
expected = [project, org]
actual = [a for a in project.get_ancestors()]
self.assertEqual(expected, actual)
def test_project_in_org_returns_org_ancestor(self):
"""Test that a Project with Org ancestor returns Org ancestor."""
org = Organization('1234567890', org_name='My org name')
project = Project('my-project-id',
333,
project_name='My project',
parent=org)
expected = [org]
actual = [a for a in project.get_ancestors(include_self=False)]
self.assertEqual(expected, actual)
def test_create_resource_is_ok(self):
"""Test the resource_util.create_resource() creates the types."""
expect_org = Organization(12345)
actual_org = resource_util.create_resource(
12345, ResourceType.ORGANIZATION)
self.assertEqual(expect_org, actual_org)
expect_proj = Project('abcd', 54321)
actual_proj = resource_util.create_resource(
'abcd', ResourceType.PROJECT, project_number=54321)
self.assertEqual(expect_proj, actual_proj)
self.assertEqual(expect_proj.project_number, actual_proj.project_number)
def test_org_notequals_project_is_true(self):
"""Test inequality of an Organization to a Project."""
id_1 = 'my-project-1'
number_1 = 1234567890
name_1 = 'My project 1'
project = Project(id_1, number_1, project_name=name_1)
id_2 = '1234567890'
name_2 = 'My org 1'
org = Organization(id_2, org_name=name_2)
self.assertTrue(project != org)
def test_project_notequals_org_is_true(self):
"""Test that a Project != Organization."""
id_1 = 'my-project-1'
number_1 = 1234567890
name_1 = 'My project 1'
project = Project(id_1, number_1, display_name=name_1)
id_2 = '1234567890'
name_2 = 'My org 1'
org = Organization(id_2, display_name=name_2)
self.assertTrue(project != org)
def test_create_org_getters_are_correct(self):
"""Test the Organization getters."""
my_org_id = '1234567890'
my_org_name = 'My org name'
org = Organization(my_org_id,
display_name=my_org_name,
lifecycle_state=OrgLifecycleState.ACTIVE)
self.assertEqual(my_org_id, org.id)
self.assertEqual(my_org_name, org.display_name)
self.assertEqual(Organization.RESOURCE_NAME_FMT % my_org_id, org.name)
self.assertEqual(ResourceType.ORGANIZATION, org.type)
self.assertEqual(None, org.parent)
self.assertEqual(OrgLifecycleState.ACTIVE, org.lifecycle_state)
def test_create_org_getters_are_correct(self):
"""Test the Organization getters."""
my_org_id = '1234567890'
my_org_name = 'My org name'
org = Organization(my_org_id,
org_name=my_org_name,
lifecycle_state=OrgLifecycleState.ACTIVE)
self.assertEqual(my_org_id, org.get_id())
self.assertEqual(my_org_name, org.get_name())
self.assertEqual(ResourceType.ORGANIZATION, org.get_type())
self.assertEqual(None, org.get_parent())
self.assertEqual(OrgLifecycleState.ACTIVE, org.get_lifecycle_state())
def setUp(self):
self.org = Organization('1234567890', display_name='My org name')
self.folder = Folder('55555',
display_name='My folder',
parent=self.org)
self.project1 = Project('project-1', 11111, display_name='Project 1')
self.project2 = Project('project-2',
22222,
display_name='Project 2',
parent=self.org)
self.project3 = Project('project-3',
33333,
display_name='Project 3',
parent=self.folder)
def test_org_notequals_project(self):
"""Test that an Organization != Project."""
proj_id = 'my-project-1'
proj_num = 1234567890
proj_name = 'My project 1'
project1 = Project(proj_id, proj_num, display_name=proj_name)
folder_id = '88888'
folder_name = 'My folder'
folder1 = folder.Folder(folder_id, display_name=folder_name)
org_id = '1234567890'
org_name = 'My org 1'
org1 = Organization(org_id, display_name=org_name)
self.assertTrue(org1 != project1)
self.assertTrue(org1 != folder1)
class OrganizationTest(basetest.TestCase):
def setUp(self):
self.org1 = Organization('1234567890',
display_name='My org',
lifecycle_state=OrgLifecycleState.ACTIVE)
def test_create_org_getters_are_correct(self):
"""Test the Organization getters."""
my_org_id = '1234567890'
my_org_name = 'My org name'
org = Organization(my_org_id,
display_name=my_org_name,
lifecycle_state=OrgLifecycleState.ACTIVE)
self.assertEqual(my_org_id, org.id)
self.assertEqual(my_org_name, org.display_name)
self.assertEqual(Organization.RESOURCE_NAME_FMT % my_org_id, org.name)
self.assertEqual(ResourceType.ORGANIZATION, org.type)
self.assertEqual(None, org.parent)
self.assertEqual(OrgLifecycleState.ACTIVE, org.lifecycle_state)
def test_org_type_is_organization(self):
"""Test that a created Organization is a ResourceType.ORGANIZATION."""
self.assertEqual(ResourceType.ORGANIZATION, self.org1.type)
def test_equality(self):
"""Test equality of an Organization to another is true."""
id_1 = '1234567890'
name_1 = 'My org 1'
org1 = Organization(id_1, display_name=name_1)
id_2 = '1234567890'
name_2 = 'My org 1'
org2 = Organization(id_2, display_name=name_2)
self.assertTrue(org1 == org2)
def test_not_equals(self):
"""Test inequality of an Organization to another."""
id_1 = '1234567890'
name_1 = 'My org 1'
org1 = Organization(id_1, display_name=name_1)
id_2 = '1234567891'
name_2 = 'My org 2'
org2 = Organization(id_2, display_name=name_2)
self.assertTrue(org1 != org2)
def test_org_notequals_project(self):
"""Test that an Organization != Project."""
proj_id = 'my-project-1'
proj_num = 1234567890
proj_name = 'My project 1'
project1 = Project(proj_id, proj_num, display_name=proj_name)
folder_id = '88888'
folder_name = 'My folder'
folder1 = folder.Folder(folder_id, display_name=folder_name)
org_id = '1234567890'
org_name = 'My org 1'
org1 = Organization(org_id, display_name=org_name)
self.assertTrue(org1 != project1)
self.assertTrue(org1 != folder1)
@mock.patch.object(CloudResourceManagerClient,
'get_organization',
autospec=True)
def test_org_exists(self, mock_crm):
"""Tests that the organization exists."""
mock_crm.return_value = True
self.assertTrue(self.org1.exists())
def setUp(self):
"""Set up."""
self.project1 = Project('my-project-1',
12345,
project_name='My project 1')
self.project2 = Project('my-project-2',
12346,
project_name='My project 2')
self.org789 = Organization('778899', org_name='My org')
self.RULES1 = {
'rules': [{
'name':
'my rule',
'mode':
'whitelist',
'resource': [{
'type': 'organization',
'applies_to': 'self_and_children',
'resource_ids': ['778899']
}, {
'type': 'project',
'applies_to': 'self',
'resource_ids': [
'my-project-1',
'my-project-2',
]
}],
'inherit_from_parent':
False,
'bindings': [{
'role': 'roles/*',
'members': ['user:*@company.com']
}]
}]
}
self.RULES2 = {
'rules': [{
'name':
'my rule',
'mode':
'whitelist',
'resource': [{
'type': 'organization',
'applies_to': 'self_and_children',
'resource_ids': ['778899']
}, {
'type': 'project',
'applies_to': 'self',
'resource_ids': [
'my-project-1',
'my-project-2',
]
}],
'inherit_from_parent':
False,
'bindings': [{
'role': 'roles/*',
'members': ['user:*@company.com']
}]
}, {
'name':
'my other rule',
'mode':
'blacklist',
'resource': [{
'type': 'project',
'applies_to': 'self',
'resource_ids': [
'my-project-2',
]
}],
'inherit_from_parent':
False,
'bindings': [{
'role': 'roles/*',
'members': ['user:[email protected]']
}]
}, {
'name':
'required rule',
'mode':
'required',
'resource': [{
'type': 'project',
'applies_to': 'self',
'resource_ids': [
'my-project-1',
]
}],
'inherit_from_parent':
False,
'bindings': [{
'role': 'roles/viewer',
'members': ['user:[email protected]']
}]
}]
}
self.RULES3 = {
'rules': [{
'name':
'my whitelist rule',
'mode':
'whitelist',
'resource': [{
'type': 'organization',
'applies_to': 'self_and_children',
'resource_ids': ['778899']
}, {
'type': 'project',
'applies_to': 'self',
'resource_ids': [
'my-project-1',
'my-project-2',
]
}],
'inherit_from_parent':
False,
'bindings': [{
'role': 'roles/*',
'members': ['user:*@company.com']
}]
}, {
'name':
'my blacklist rule',
'mode':
'blacklist',
'resource': [{
'type': 'organization',
'applies_to': 'self_and_children',
'resource_ids': ['778899']
}],
'inherit_from_parent':
False,
'bindings': [{
'role': 'roles/*',
'members': ['user:[email protected]']
}]
}, {
'name':
'my required rule',
'mode':
'required',
'resource': [{
'type': 'project',
'applies_to': 'self',
'resource_ids': [
'my-project-1',
]
}],
'inherit_from_parent':
False,
'bindings': [{
'role': 'roles/viewer',
'members': ['user:[email protected]']
}]
}]
}
class OrganizationTest(basetest.TestCase):
def setUp(self):
self.org1 = Organization('1234567890',
org_name='My org',
lifecycle_state=OrgLifecycleState.ACTIVE)
def test_create_org_getters_are_correct(self):
"""Test the Organization getters."""
my_org_id = '1234567890'
my_org_name = 'My org name'
org = Organization(my_org_id,
org_name=my_org_name,
lifecycle_state=OrgLifecycleState.ACTIVE)
self.assertEqual(my_org_id, org.get_id())
self.assertEqual(my_org_name, org.get_name())
self.assertEqual(ResourceType.ORGANIZATION, org.get_type())
self.assertEqual(None, org.get_parent())
self.assertEqual(OrgLifecycleState.ACTIVE, org.get_lifecycle_state())
def test_org_type_is_organization(self):
"""Test that a created Organization is a ResourceType.ORGANIZATION."""
self.assertEqual(ResourceType.ORGANIZATION, self.org1.get_type())
def test_org_equals_other_org_is_true(self):
"""Test equality of an Organization to another is true."""
id_1 = '1234567890'
name_1 = 'My org 1'
org1 = Organization(id_1, org_name=name_1)
id_2 = '1234567890'
name_2 = 'My org 1'
org2 = Organization(id_2, org_name=name_2)
self.assertTrue(org1 == org2)
def test_org_notequals_other_org_is_true(self):
"""Test inequality of an Organization to another."""
id_1 = '1234567890'
name_1 = 'My org 1'
org1 = Organization(id_1, org_name=name_1)
id_2 = '1234567891'
name_2 = 'My org 2'
org2 = Organization(id_2, org_name=name_2)
self.assertTrue(org1 != org2)
def test_org_notequals_project_is_true(self):
"""Test inequality of an Organization to a Project."""
id_1 = 'my-project-1'
number_1 = 1234567890
name_1 = 'My project 1'
project = Project(id_1, number_1, project_name=name_1)
id_2 = '1234567890'
name_2 = 'My org 1'
org = Organization(id_2, org_name=name_2)
self.assertTrue(project != org)
def test_org_empty_ancestors(self):
"""Test that an Organization has no ancestors."""
expected = []
actual = [a for a in self.org1.get_ancestors(include_self=False)]
self.assertEqual(expected, actual)
def test_org_ancestors_include_self(self):
"""Test getting ancestry when including self."""
expected = [self.org1]
actual = [a for a in self.org1.get_ancestors()]
self.assertEqual(expected, actual)
@mock.patch.object(CloudResourceManagerClient,
'get_organization',
autospec=True)
def test_org_exists(self, mock_crm):
"""Tests that the organization exists."""
mock_crm.return_value = True
self.assertTrue(self.org1.exists())
def setUp(self):
self.org1 = Organization('1234567890',
display_name='My org',
lifecycle_state=OrgLifecycleState.ACTIVE)
