def execute_confirm_awscoop(task_id):
pm_logger = common_utils.begin_logger(task_id, __name__,
inspect.currentframe())
coop_id = organizationTask_logic.check_process_status(task_id)
if coop_id is None:
pm_logger.error("組織タスク情報取得に失敗しました。: TaskID=%s", task_id)
raise PmError()
try:
awscoop = pm_awsAccountCoops.query_awscoop_coop_key(task_id, coop_id)
except PmError as e:
pm_logger.error("AWSアカウント連携情報取得に失敗しました。: CoopID=%s", coop_id)
raise common_utils.write_log_pm_error(e, pm_logger, exc_info=True)
if (not awscoop):
pm_logger.warning("AWSアカウント連携情報がありません。: CoopID=%s", coop_id)
raise PmError()
try:
aws_common.create_session_client(task_id, awscoop['AWSAccount'],
awscoop['RoleName'],
awscoop['ExternalID'])
pm_logger.info("クレデンシャルが正常に取得されました。: CoopID=%s", coop_id)
except PmError as err:
pm_logger.error("クレデンシャル取得に失敗しました。: CoopID=%s", coop_id)
try:
attribute = {'Effective': {"Value": Effective.Disable.value}}
pm_awsAccountCoops.update_awscoops(task_id, coop_id, attribute)
except PmError as e:
pm_logger.error("AWSアカウント連携情報の更新に失敗しました。: CoopID=%s", coop_id)
raise common_utils.write_log_pm_error(err,
pm_logger,
exc_info=True)
def test_get_check_awsaccounts_case_error_create_record_pm_check_results(
self):
# patch mock
patch_query_key_pm_check_history = patch(
"premembers.repository.pm_checkHistory.query_key")
patch_query_key_pm_organizations = patch(
"premembers.repository.pm_organizations.get_organization")
patch_query_key_pm_project = patch(
"premembers.repository.pm_projects.query_key")
patch_query_key_pm_aws_account_coops = patch(
"premembers.repository.pm_awsAccountCoops.query_awscoop_effective_enable"
)
patch_update_pm_check_history = patch(
"premembers.repository.pm_checkHistory.update")
patch_create_pm_check_results = patch(
"premembers.repository.pm_checkResults.create")
patch_logger_error = patch.object(CwLogAdapter, "error")
# start mock object
mock_query_key_pm_check_history = patch_query_key_pm_check_history.start(
)
mock_query_key_pm_organizations = patch_query_key_pm_organizations.start(
)
mock_query_key_pm_project = patch_query_key_pm_project.start()
mock_query_key_pm_aws_account_coops = patch_query_key_pm_aws_account_coops.start(
)
mock_update_pm_check_history = patch_update_pm_check_history.start()
mock_create_pm_check_results = patch_create_pm_check_results.start()
mock_logger_error = patch_logger_error.start()
# mock data
mock_query_key_pm_check_history.return_value = data_pm_check_history
mock_query_key_pm_organizations.return_value = data_pm_organizations
mock_query_key_pm_project.return_value = data_pm_project
mock_query_key_pm_aws_account_coops.return_value = data_aws_account_coops
mock_update_pm_check_history.return_value = None
mock_create_pm_check_results.side_effect = PmError()
# addCleanup stop mock object
self.addCleanup(patch_query_key_pm_check_history.stop)
self.addCleanup(patch_query_key_pm_organizations.stop)
self.addCleanup(patch_query_key_pm_project.stop)
self.addCleanup(patch_query_key_pm_aws_account_coops.stop)
self.addCleanup(patch_update_pm_check_history.stop)
self.addCleanup(patch_create_pm_check_results.stop)
self.addCleanup(patch_logger_error.stop)
with self.assertRaises(PmError) as exception:
# call function test
awssecuritychecks_logic.get_check_awsaccounts(
trace_id, check_history_id)
# check error
actual_message = exception.exception.message
self.assertEquals("GCA_SECURITY-008", actual_message)
# check log message error
mock_logger_error.assert_called_once_with(
"チェック結果レコードの作成に失敗しました。: CheckHistoryID=%s, AWSAccount=%s",
check_history_id, aws_account)
def test_execute_security_check_from_external_case_error_get_pm_securityCheckWebhook(self):
# patch mock
patch_query_webhook_index = patch(
"premembers.repository.pm_securityCheckWebhook.query_webhook_index"
)
# start mock object
mock_query_webhook_index = patch_query_webhook_index.start()
mock_error_exception = mock_common_utils.mock_error_exception(self)
# mock object
mock_query_webhook_index.side_effect = PmError()
# addCleanup stop mock object
self.addCleanup(patch_query_webhook_index.stop)
# call function test
actual_response = awschecks_logic.execute_security_check_from_external(
trace_id, webhook_path)
# assert output function
# check call function common write log error
mock_error_exception.assert_called_once()
# assert output function
actual_response_body = json.loads(actual_response["body"])
err_402 = MsgConst.ERR_402
self.assertEqual(err_402["code"], actual_response_body["code"])
self.assertEqual(err_402["message"], actual_response_body["message"])
self.assertEqual(err_402["description"],
actual_response_body["description"])
self.assertEqual(HTTPStatus.INTERNAL_SERVER_ERROR.value,
actual_response["statusCode"])
def test_delete_excluded_resources_case_error_get_record_pm_aws_account_coops(
self):
# mock object
patch_query_awscoop_coop_key = patch(
"premembers.repository.pm_awsAccountCoops.query_awscoop_coop_key")
# start mock object
mock_query_awscoop_coop_key = patch_query_awscoop_coop_key.start()
mock_error_exception = mock_common_utils.mock_error_exception(self)
# mock data
mock_query_awscoop_coop_key.side_effect = PmError()
# addCleanup stop mock object
self.addCleanup(patch_query_awscoop_coop_key.stop)
# call Function test
actual_response = checkitemsettings_logic.delete_excluded_resources(
trace_id, organization_id, project_id, check_item_code, coop_id,
region_name, resource_type, resource_name)
# assert output function
# check call function common write log error
mock_error_exception.assert_called_once()
# assert output function
actual_response_body = json.loads(actual_response["body"])
err_402 = MsgConst.ERR_402
self.assertEqual(err_402["code"], actual_response_body["code"])
self.assertEqual(err_402["message"], actual_response_body["message"])
self.assertEqual(err_402["description"],
actual_response_body["description"])
self.assertEqual(HTTPStatus.INTERNAL_SERVER_ERROR.value,
actual_response["statusCode"])
def get_bucket_encryption(trace_id, s3_client, bucket, aws_account,
region_name, is_cw_logger=False):
if (is_cw_logger):
logger = common_utils.begin_cw_logger(trace_id, __name__,
inspect.currentframe())
else:
logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
bucket_encryption = []
try:
result = s3_client.get_bucket_encryption(Bucket=bucket)
except ClientError as e:
if e.response["Error"]["Code"] == CommonConst.SERVER_SIDE_ENCRYPTION_CONFIGURATION_NOT_FOUND_ERROR:
logger.info("[%s]S3バケット暗号化情報がありません。(%s/%s)", aws_account,
region_name, bucket)
raise PmError(cause_error=e)
elif e.response['Error']['Code'] in CommonConst.S3_SKIP_EXCEPTION:
logger.warning("[%s] 権限エラーによりS3バケットリージョン情報の取得に失敗しました。(%s/%s)",
aws_account, region_name, bucket)
raise common_utils.write_log_warning(e, logger)
else:
logger.error("[%s]S3バケット暗号化情報の取得に失敗しました。(%s/%s)", aws_account,
region_name, bucket)
raise common_utils.write_log_exception(e, logger)
if common_utils.check_key("ServerSideEncryptionConfiguration", result):
if common_utils.check_key("Rules", result["ServerSideEncryptionConfiguration"]):
bucket_encryption = result["ServerSideEncryptionConfiguration"]["Rules"]
return bucket_encryption
def test_execute_security_check_with_executed_type_case_error_get_projects_by_organization_id(self):
# patch mock
patch_get_projects_by_organization_id = patch(
"premembers.repository.pm_projects.get_projects_by_organization_id"
)
# start mock object
mock_get_projects_by_organization_id = patch_get_projects_by_organization_id.start()
mock_error_exception = mock_common_utils.mock_error_exception(self)
# mock object
mock_get_projects_by_organization_id.side_effect = PmError()
# addCleanup stop mock object
self.addCleanup(patch_get_projects_by_organization_id.stop)
# call function test
actual_response = awschecks_logic.execute_security_check_with_executed_type(
trace_id, organization_id, project_id, execute_user_id, email,
"MANUAL")
# assert output function
# check call function common write log error
mock_error_exception.assert_called_once()
# assert output function
actual_response_body = json.loads(actual_response["body"])
err_402 = MsgConst.ERR_402
self.assertEqual(err_402["code"], actual_response_body["code"])
self.assertEqual(err_402["message"], actual_response_body["message"])
self.assertEqual(err_402["description"],
actual_response_body["description"])
self.assertEqual(HTTPStatus.INTERNAL_SERVER_ERROR.value,
actual_response["statusCode"])
def test_update_user_error_update_record(self):
# mock object
query_key = patch('premembers.repository.pm_userAttribute.query_key')
update_user = patch('premembers.repository.pm_userAttribute.update')
mock_error_exception = mock_common_utils.mock_error_exception(self)
# start mock object
mock_query_key = query_key.start()
mock_update_user = update_user.start()
# mock data
mock_query_key.return_value = True
mock_update_user.side_effect = PmError()
# addCleanup stop mock object
self.addCleanup(query_key.stop)
self.addCleanup(update_user.stop)
# call Function test
param_body = json.dumps(data_body)
response = user_logic.update_user_attributes(user_id, param_body)
# assert output function
# check call function common write log error
mock_error_exception.assert_called_once()
# assert function
response_body = json.loads(response['body'])
err_404 = MsgConst.ERR_DB_404
self.assertEqual(response_body['code'], err_404['code'])
self.assertEqual(response_body['message'], err_404['message'])
self.assertEqual(response_body['description'], err_404['description'])
self.assertEqual(response['statusCode'],
HTTPStatus.INTERNAL_SERVER_ERROR.value)
def test_send_checkerror_email_case_error_get_project(self):
# patch mock
patch_get_organization = patch(
"premembers.repository.pm_organizations.get_organization")
patch_get_project = patch(
"premembers.repository.pm_projects.query_key")
# start mock object
mock_get_organization = patch_get_organization.start()
mock_get_project = patch_get_project.start()
# mock data
mock_get_organization.side_effect = None
mock_get_project.side_effect = PmError()
# addCleanup stop mock object
self.addCleanup(patch_get_organization.stop)
self.addCleanup(patch_get_project.stop)
# call function test
with patch.object(PmLogAdapter, 'error',
return_value=None) as mock_method_error:
with self.assertRaises(PmError):
awschecksBatch_logic.send_checkerror_email(
trace_id, aws_account, check_history_id, organization_id,
project_id, error_code, execute_user_id, region_name,
check_code_item, data_body)
# check write log error
mock_method_error.assert_any_call(
"プロジェクト情報の取得に失敗しました。ProjectID={0}".format(project_id))
def send_email(trace_id, region_name, sender, bcc, subject, body):
pm_logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
try:
client = boto3.client(
service_name='ses', region_name=region_name)
except ClientError as e:
pm_logger.error("[%s] SESクライアント作成に失敗しました。", region_name)
raise common_utils.write_log_exception(e, pm_logger)
try:
response = client.send_email(
Source=sender,
Destination={
'BccAddresses': bcc
},
Message={
'Subject': {
'Data': subject,
'Charset': 'UTF-8'
},
'Body': {
'Text': {
'Data': body,
'Charset': 'UTF-8'
}
}
}
)
if response['ResponseMetadata']['HTTPStatusCode'] != 200:
raise PmError()
except ClientError as e:
raise common_utils.write_log_exception(e, pm_logger)
def test_apply_change_email_handler_error_create_record(self):
# mock object
patch_create = patch('premembers.repository.pm_emailChangeApply.create')
patch_get_cognito_user_pools = patch('premembers.common.aws_common.get_cognito_user_pools')
# start mock object
mock_create = patch_create.start()
mock_get_cognito_user_pools = patch_get_cognito_user_pools.start()
# mock data
mock_create.side_effect = PmError()
mock_get_cognito_user_pools.return_value = []
# addCleanup stop mock object
self.addCleanup(patch_create.stop)
self.addCleanup(patch_get_cognito_user_pools.stop)
# Call function test
body = {
"mailAddress": mail_after,
"callerServiceName": "opswitch",
"mailLang": language_mail_test
}
event_mock = event_create.get_event_object(
trace_id=trace_id,
email=mail_before,
body=json.dumps(body))
result = user.apply_change_email_handler(event_mock, {})
# Check data
response_body = json.loads(result['body'])
err_403 = MsgConst.ERR_DB_403
self.assertEqual(err_403['code'], response_body['code'])
self.assertEqual(err_403['message'], response_body['message'])
self.assertEqual(err_403['description'], response_body['description'])
self.assertEqual(result['statusCode'],
HTTPStatus.INTERNAL_SERVER_ERROR.value)
def test_get_user_error_query_record(self):
user_id = DataCommon.USER_ID_TEST.format(str(3))
# mock object
query_key = patch('premembers.repository.pm_userAttribute.query_key')
# start mock object
mock_query_key = query_key.start()
mock_error_exception = mock_common_utils.mock_error_exception(self)
# mock data
mock_query_key.side_effect = PmError()
# addCleanup stop mock object
self.addCleanup(query_key.stop)
# call Function test
response = user_logic.get_user_attributes(user_id)
# assert output function
# check call function common write log error
mock_error_exception.assert_called_once()
# assert function
response_body = json.loads(response['body'])
err_402 = MsgConst.ERR_402
self.assertEqual(response_body['code'], err_402['code'])
self.assertEqual(response_body['message'], err_402['message'])
self.assertEqual(response_body['description'], err_402['description'])
self.assertEqual(response['statusCode'],
HTTPStatus.INTERNAL_SERVER_ERROR.value)
def test_execute_send_checkerror_email_case_error_send_checkerror_email(
self):
# patch mock
patch_publish_error_message_send_checkerror_email = patch(
"premembers.check.logic.awschecksBatch_logic.publish_error_message_send_checkerror_email"
)
patch_send_checkerror_email = patch(
"premembers.check.logic.awschecksBatch_logic.send_checkerror_email"
)
# start mock object
mock_publish_error_message_send_checkerror_email = patch_publish_error_message_send_checkerror_email.start(
)
mock_send_checkerror_email = patch_send_checkerror_email.start()
# mock data
mock_publish_error_message_send_checkerror_email.side_effect = None
mock_send_checkerror_email.side_effect = PmError()
# addCleanup stop mock object
self.addCleanup(patch_publish_error_message_send_checkerror_email.stop)
self.addCleanup(patch_send_checkerror_email.stop)
# call function test
awschecksBatch_logic.execute_send_checkerror_email(
trace_id, context_aws.aws_request_id, aws_account,
check_history_id, organization_id, project_id, error_code,
execute_user_id, region_name, check_code_item, data_body)
# check param call function
mock_publish_error_message_send_checkerror_email.assert_any_call(
trace_id, check_history_id, organization_id, project_id,
context_aws.aws_request_id, 'None')
def side_effect_read_yaml_error_get_message_notice_error_execute_check_security(
trace_id, bucket, s3_file_name):
if s3_file_name == copy.deepcopy(DataTestS3.PATH_FILE_CONFIG):
return copy.deepcopy(DataTestS3.DATA_CONFIG)
elif s3_file_name == copy.deepcopy(
DataTestS3.PATH_FILE_MESSAGE_NOTICE_ERROR_EXECUTE_CHECK_SECURITY_JA
):
raise PmError()
def test_execute_security_check_with_executed_type_case_error_get_pm_check_history(self):
# patch mock
patch_get_projects_by_organization_id = patch(
"premembers.repository.pm_projects.get_projects_by_organization_id"
)
patch_create_pm_check_history = patch(
"premembers.repository.pm_checkHistory.create")
patch_aws_sns = patch("premembers.common.aws_common.aws_sns")
patch_query_key_pm_check_history = patch("premembers.repository.pm_checkHistory.query_key")
patch_get_uuid4 = patch("premembers.common.common_utils.get_uuid4")
# start mock object
mock_query_key_pm_check_history = patch_query_key_pm_check_history.start()
mock_get_projects_by_organization_id = patch_get_projects_by_organization_id.start()
mock_create_pm_check_history = patch_create_pm_check_history.start()
mock_aws_sns = patch_aws_sns.start()
mock_get_uuid4 = patch_get_uuid4.start()
mock_error_exception = mock_common_utils.mock_error_exception(self)
# mock object
mock_query_key_pm_check_history.side_effect = PmError()
mock_get_projects_by_organization_id.return_value = data_pm_project
mock_create_pm_check_history.side_effect = None
mock_aws_sns.side_effect = None
mock_get_uuid4.return_value = check_history_id
# addCleanup stop mock object
self.addCleanup(patch_get_projects_by_organization_id.stop)
self.addCleanup(patch_create_pm_check_history.stop)
self.addCleanup(patch_aws_sns.stop)
self.addCleanup(patch_get_uuid4.stop)
# call function test
actual_response = awschecks_logic.execute_security_check_with_executed_type(
trace_id, organization_id, project_id, execute_user_id, email,
"MANUAL")
# assert output function
# check call function common write log error
mock_error_exception.assert_called_once()
# assert call aws_sns
topic_arn = common_utils.get_environ(
CommonConst.SECURITYCHECK_EXECUTE_TOPIC)
subject = "USER : {0}".format(execute_user_id)
message = {'CheckHistoryId': check_history_id}
mock_aws_sns.assert_called_once_with(trace_id, subject,
json.dumps(message), topic_arn)
# assert output function
actual_response_body = json.loads(actual_response["body"])
err_402 = MsgConst.ERR_402
self.assertEqual(err_402["code"], actual_response_body["code"])
self.assertEqual(err_402["message"], actual_response_body["message"])
self.assertEqual(err_402["description"],
actual_response_body["description"])
self.assertEqual(HTTPStatus.INTERNAL_SERVER_ERROR.value,
actual_response["statusCode"])
def test_get_check_awsaccounts_case_error_get_record_pm_project(self):
# create data mock
cw_logger = common_utils.begin_cw_logger(trace_id, __name__,
inspect.currentframe())
pm_error = PmError()
# patch mock
patch_begin_cw_logger = patch(
"premembers.common.common_utils.begin_cw_logger")
patch_query_key_pm_check_history = patch(
"premembers.repository.pm_checkHistory.query_key")
patch_query_key_pm_organizations = patch(
"premembers.repository.pm_organizations.get_organization")
patch_query_key_pm_project = patch(
"premembers.repository.pm_projects.query_key")
patch_logger_error = patch.object(CwLogAdapter, "error")
patch_write_log_pm_error = patch(
"premembers.common.common_utils.write_log_pm_error")
# start mock object
mock_begin_cw_logger = patch_begin_cw_logger.start()
mock_query_key_pm_check_history = patch_query_key_pm_check_history.start(
)
mock_query_key_pm_organizations = patch_query_key_pm_organizations.start(
)
mock_query_key_pm_project = patch_query_key_pm_project.start()
mock_logger_error = patch_logger_error.start()
mock_write_log_pm_error = patch_write_log_pm_error.start()
# mock data
mock_begin_cw_logger.return_value = cw_logger
mock_query_key_pm_check_history.return_value = data_pm_check_history
mock_query_key_pm_organizations.return_value = data_pm_organizations
mock_query_key_pm_project.side_effect = pm_error
mock_write_log_pm_error.return_value = pm_error
# addCleanup stop mock object
self.addCleanup(patch_begin_cw_logger.stop)
self.addCleanup(patch_query_key_pm_check_history.stop)
self.addCleanup(patch_query_key_pm_organizations.stop)
self.addCleanup(patch_query_key_pm_project.stop)
self.addCleanup(patch_logger_error.stop)
self.addCleanup(patch_write_log_pm_error.stop)
with self.assertRaises(PmError):
# call function test
awssecuritychecks_logic.get_check_awsaccounts(
trace_id, check_history_id)
# check log message error
mock_logger_error.assert_called_once_with(
"プロジェクト情報の取得に失敗しました。: ProjectID=%s", project_id)
# check call function write_log_pm_error
mock_write_log_pm_error.assert_called_once_with(
pm_error, cw_logger, "GCA_SECURITY-004")
def test_delete_project_case_error_delete_security_check_webhook(self):
# create pm_securityCheckWebhook table
mock_pm_securityCheckWebhook.create_table()
# create pm_securityCheckWebhookCallHistory table
mock_pm_securityCheckWebhookCallHistory.create_table()
# create pm_reports table
mock_pm_reports.create_table()
# create data pm_security_check_webhooks
for data_pm_security_check_webhooks in list_data_pm_security_check_webhooks:
mock_pm_securityCheckWebhook.create(
data_pm_security_check_webhooks)
# create data pm_security_check_webhooks
for data_pm_security_check_webhook_call_history in list_data_pm_security_check_webhook_call_historys:
mock_pm_securityCheckWebhookCallHistory.create(
data_pm_security_check_webhook_call_history)
# create data pm_reports
for data_pm_reports in list_data_pm_reports:
mock_pm_reports.create(data_pm_reports)
# mock object
pm_error = PmError()
patch_delete_security_check_webhook = patch(
"premembers.repository.pm_securityCheckWebhook.delete")
patch_error_method = patch.object(PmLogAdapter, 'error')
# mock function error
mock_delete_security_check_webhook = patch_delete_security_check_webhook.start()
mock_error_method = patch_error_method.start()
# mock data
mock_delete_security_check_webhook.side_effect = pm_error
mock_error_method.return_value = None
# addCleanup stop mock object
self.addCleanup(patch_delete_security_check_webhook.stop)
self.addCleanup(patch_error_method.stop)
# call Function test
actual_response = projectsBatch_logic.delete_project(
task_id, project_id)
actual_record_pm_security_check_webhook_call_history = mock_pm_securityCheckWebhookCallHistory.query_all()
# check call function error
mock_error_method.assert_any_call(
"チェック実行Webhook情報削除に失敗しました。: WebhookID=%s",
security_check_web_hook_id)
mock_error_method.assert_any_call(pm_error)
# assert output function
self.assertEqual(False, actual_response)
self.assertEqual(1,
len(actual_record_pm_security_check_webhook_call_history['Items']))
def test_execute_change_email_case_update_cognito_user_attributes_error_caller_service_name_is_opswitch(
self):
# perpare data test
mock_pm_emailChangeApply.create(
data_insert_caller_service_name_opswitch)
# patch mock
patch_read_yaml = patch('premembers.common.FileUtils.read_yaml')
get_cognito_user_info_by_user_name_patch = patch(
'premembers.common.aws_common.get_cognito_user_info_by_user_name')
update_cognito_user_attributes_patch = patch(
'premembers.common.aws_common.update_cognito_user_attributes')
# start mock object
mock_read_yaml = patch_read_yaml.start()
mock_get_cognito_user_info_by_user_name = get_cognito_user_info_by_user_name_patch.start(
)
mock_update_cognito_user_attributes = update_cognito_user_attributes_patch.start(
)
# mock data
mock_read_yaml.return_value = data_config
mock_get_cognito_user_info_by_user_name.return_value = user_info
mock_update_cognito_user_attributes.side_effect = PmError()
# addCleanup stop mock object
self.addCleanup(patch_read_yaml.stop)
self.addCleanup(get_cognito_user_info_by_user_name_patch.stop)
self.addCleanup(update_cognito_user_attributes_patch.stop)
with patch.object(PmLogAdapter, 'error',
return_value=None) as mock_method_error:
# call function test
result = user_logic.execute_change_email(apply_id)
# Check data
status_code = result['statusCode']
response_body = result['body']
response_headers = result['headers']
self.assertEqual(HTTPStatus.OK.value, status_code)
self.assertEqual(response_error_page_caller_service_opswitch,
response_body)
self.assertEqual(content_type_text_html,
response_headers['content-type'])
# check param call function get_cognito_user_info_by_user_name
mock_get_cognito_user_info_by_user_name.assert_called_once_with(
apply_id, user_id)
# check param call function update_cognito_user_attributes
mock_update_cognito_user_attributes.assert_called_once_with(
apply_id, user_id, user_attributes)
# check write log error
mock_method_error.assert_called_once_with("Cognitoの項目変更に失敗しました。")
def test_execute_delete_invalid_user_error_call_delete_affiliation(self):
# mock object
patch_get_cognito_user_pools = patch(
'premembers.common.aws_common.get_cognito_user_pools')
patch_method_warning = patch.object(PmLogAdapter, "warning")
patch_method_delete_cognito_user_by_user_name = patch(
'premembers.common.aws_common.delete_cognito_user_by_user_name')
patch_method_query_userid_key = patch(
'premembers.repository.pm_affiliation.query_userid_key')
patch_method_delete_affiliation = patch(
'premembers.repository.pm_affiliation.delete_affiliation')
# start mock object
mock_get_cognito_user_pools = patch_get_cognito_user_pools.start()
mock_method_warning = patch_method_warning.start()
mock_method_delete_cognito_user_by_user_name = patch_method_delete_cognito_user_by_user_name.start(
)
mock_method_query_userid_key = patch_method_query_userid_key.start()
mock_method_delete_affiliation = patch_method_delete_affiliation.start(
)
expected_username_force_change_password = copy.deepcopy(
DataTestCognitoIdp.LIST_DATA_USER_FORCE_CHANGE_PASSWORD[1]
['Username'])
data_affiliation_user_force_change_password = copy.deepcopy(
DataPmAffiliation.AFFILIATION_TEMPLATE)
data_affiliation_user_force_change_password[
'UserID'] = expected_username_force_change_password
data_query_userid_key = [data_affiliation_user_force_change_password]
# mock data
mock_get_cognito_user_pools.side_effect = mock_get_cognito_user_pools_success
mock_method_delete_cognito_user_by_user_name.side_effect = None
mock_method_query_userid_key.return_value = data_query_userid_key
mock_method_delete_affiliation.side_effect = PmError()
# addCleanup stop mock object
self.addCleanup(patch_get_cognito_user_pools.stop)
self.addCleanup(patch_method_warning.stop)
self.addCleanup(patch_method_delete_cognito_user_by_user_name.stop)
self.addCleanup(patch_method_query_userid_key.stop)
self.addCleanup(mock_method_delete_affiliation.stop)
# call Function test
with self.assertRaises(PmError):
usersBatch_logic.execute_delete_invalid_user(trace_id)
# check logic write log warning
expected_organizationid = data_affiliation_user_force_change_password[
'OrganizationID']
mock_method_warning.assert_any_call(
"PM_Affiliationテーブルのレコード削除に失敗しました。UserID : %s / OrganizationID : %s",
expected_username_force_change_password, expected_organizationid)
def test_check_effective_awsaccount_case_error_create_session_client(self):
# create data mock
cw_logger = common_utils.begin_cw_logger(trace_id, __name__,
inspect.currentframe())
# patch mock
patch_begin_cw_logger = patch(
"premembers.common.common_utils.begin_cw_logger")
patch_logger_warning = patch.object(CwLogAdapter, "warning")
patch_do_disable_awscoop = patch(
"premembers.check.logic.awssecuritychecks_logic.do_disable_awscoop"
)
patch_create_session_client = patch(
"premembers.common.aws_common.create_session_client")
patch_query_awscoop_coop_key = patch(
"premembers.repository.pm_awsAccountCoops.query_awscoop_coop_key")
# start mock object
mock_begin_cw_logger = patch_begin_cw_logger.start()
mock_logger_warning = patch_logger_warning.start()
mock_do_disable_awscoop = patch_do_disable_awscoop.start()
mock_create_session_client = patch_create_session_client.start()
mock_query_awscoop_coop_key = patch_query_awscoop_coop_key.start()
# mock object
mock_begin_cw_logger.return_value = cw_logger
mock_do_disable_awscoop.side_effect = None
mock_create_session_client.side_effect = PmError()
mock_query_awscoop_coop_key.side_effect = None
# addCleanup stop mock object
self.addCleanup(patch_begin_cw_logger.stop)
self.addCleanup(patch_logger_warning.stop)
self.addCleanup(patch_do_disable_awscoop.stop)
self.addCleanup(patch_create_session_client.stop)
self.addCleanup(patch_query_awscoop_coop_key.stop)
# call function test
actual_response = awssecuritychecks_logic.check_effective_awsaccount(
trace_id, aws_account, coop_id, role_name, external_id,
organization_id, project_id, check_history_id)
expect_response = {"TaskResult": "Fail"}
# check result
self.assertDictEqual(expect_response, actual_response)
# check log message warning
mock_logger_warning.assert_any_call("[%s] Credentialsを取得できませんでした。",
aws_account)
# check call function do_disable_awscoop
mock_do_disable_awscoop.assert_called_once_with(
trace_id, coop_id, aws_account)
def error_exception(error_code,
status_code,
error_pm,
pm_logger,
exc_info=False):
if type(error_pm) is not PmError:
error_pm = PmError(cause_error=error_pm)
response = get_response_error(error_code, status_code, error_pm.error_id)
if exc_info is True:
pm_logger.error(error_pm)
pm_logger.exception("error_id: %s", error_pm.error_id)
pm_logger.error("end : response %s", response)
return response
def test_execute_security_check_with_executed_type_case_error_publish_message(self):
# patch mock
patch_get_projects_by_organization_id = patch(
"premembers.repository.pm_projects.get_projects_by_organization_id"
)
patch_create_pm_check_history = patch(
"premembers.repository.pm_checkHistory.create")
patch_aws_sns = patch("premembers.common.aws_common.aws_sns")
patch_query_key_pm_check_history = patch("premembers.repository.pm_checkHistory.query_key")
patch_get_uuid4 = patch("premembers.common.common_utils.get_uuid4")
# start mock object
mock_query_key_pm_check_history = patch_query_key_pm_check_history.start()
mock_get_projects_by_organization_id = patch_get_projects_by_organization_id.start()
mock_create_pm_check_history = patch_create_pm_check_history.start()
mock_aws_sns = patch_aws_sns.start()
mock_get_uuid4 = patch_get_uuid4.start()
# mock object
mock_query_key_pm_check_history.return_value = data_pm_check_history
mock_get_projects_by_organization_id.return_value = data_pm_project
mock_create_pm_check_history.side_effect = None
mock_aws_sns.side_effect = PmError()
mock_get_uuid4.return_value = check_history_id
# addCleanup stop mock object
self.addCleanup(patch_get_projects_by_organization_id.stop)
self.addCleanup(patch_create_pm_check_history.stop)
self.addCleanup(patch_aws_sns.stop)
self.addCleanup(patch_get_uuid4.stop)
# call function test
actual_response = awschecks_logic.execute_security_check_with_executed_type(
trace_id, organization_id, project_id, execute_user_id, email,
"MANUAL")
# assert call aws_sns
topic_arn = common_utils.get_environ(
CommonConst.SECURITYCHECK_EXECUTE_TOPIC)
subject = "USER : {0}".format(execute_user_id)
message = {'CheckHistoryId': check_history_id}
mock_aws_sns.assert_called_once_with(trace_id, subject,
json.dumps(message), topic_arn)
# Get data response
actual_status_code = actual_response['statusCode']
actual_response_bodys = json.loads(actual_response['body'])
# Check data
self.assertEqual(HTTPStatus.CREATED, actual_status_code)
self.assertEqual(data_pm_check_history, actual_response_bodys)
def test_check_effective_awsaccount_case_error_get_iam_client(self):
# create data mock
cw_logger = common_utils.begin_cw_logger(trace_id, __name__,
inspect.currentframe())
pm_error = PmError()
# patch mock
patch_begin_cw_logger = patch(
"premembers.common.common_utils.begin_cw_logger")
patch_create_session_client = patch(
"premembers.common.aws_common.create_session_client")
patch_get_iam_client = patch(
"premembers.common.IAMUtils.get_iam_client")
patch_query_awscoop_coop_key = patch(
"premembers.repository.pm_awsAccountCoops.query_awscoop_coop_key")
patch_write_log_pm_error = patch(
'premembers.common.common_utils.write_log_pm_error')
# start mock object
mock_begin_cw_logger = patch_begin_cw_logger.start()
mock_create_session_client = patch_create_session_client.start()
mock_get_iam_client = patch_get_iam_client.start()
mock_query_awscoop_coop_key = patch_query_awscoop_coop_key.start()
mock_write_log_pm_error = patch_write_log_pm_error.start()
# mock object
mock_begin_cw_logger.return_value = cw_logger
mock_create_session_client.return_value = session
mock_get_iam_client.side_effect = pm_error
mock_query_awscoop_coop_key.side_effect = None
mock_write_log_pm_error.return_value = pm_error
# addCleanup stop mock object
self.addCleanup(patch_begin_cw_logger.stop)
self.addCleanup(patch_create_session_client.stop)
self.addCleanup(patch_get_iam_client.stop)
self.addCleanup(patch_query_awscoop_coop_key.stop)
self.addCleanup(patch_write_log_pm_error.stop)
# call function test
actual_response = awssecuritychecks_logic.check_effective_awsaccount(
trace_id, aws_account, coop_id, role_name, external_id,
organization_id, project_id, check_history_id)
expect_response = {"TaskResult": "Fail"}
# check result
self.assertDictEqual(expect_response, actual_response)
# check call function write_log_pm_error
mock_write_log_pm_error.assert_any_call(
pm_error, cw_logger, "CEA_SECURITY-002-" + aws_account)
def execute_delete_organization_user(task_id):
pm_logger = common_utils.begin_logger(task_id, __name__,
inspect.currentframe())
# タスク情報を取得します。
# タスク情報のステータスチェックを行います。
target = organizationTask_logic.check_process_status(task_id)
if target is None:
pm_logger.error("組織タスク情報取得に失敗しました。: TaskID=%s", task_id)
raise PmError()
# タスク情報から処理対象(ユーザーID,組織ID)を取得します。
target = target.split(CommonConst.COMMA)
user_id = target[0]
organization_id = target[1]
# 削除処理
# 組織別通知メール宛先テーブル(PM_OrgNotifyMailDestinations)に組織ID{organization_id}をキーとしてクエリを実行し、対象情報を取得する。
try:
org_notify_mail_destinations = pm_orgNotifyMailDestinations.query_key(
task_id, organization_id, CommonConst.NOTIFY_CODE)
except PmError as e:
pm_logger.error("組織別通知メール宛先情報取得に失敗しました。: OrganizationID=%s",
organization_id)
raise common_utils.write_log_pm_error(e, pm_logger)
# キーに合致するレコードが存在しなかった場合
if (not org_notify_mail_destinations):
# 処理を正常終了する。
return
# 取得したレコードのDestinationsのListデータを編集する。
destinations = jmespath.search(
"[?UserID != '{0}']".format(user_id),
org_notify_mail_destinations['Destinations'])
# 編集後のDestinationsは、組織別通知メール宛先テーブル(PM_OrgNotifyMailDestinations)へ組織ID{organization_id}をキーとしてupdate_itemで更新する。(UpdatedAtも現在日時で更新する)
try:
if (len(destinations) == 0):
# 編集後のDestinationsのListデータが0件になる場合、組織別通知メール宛先テーブル(PM_OrgNotifyMailDestinations)の該当レコードを削除する。
pm_orgNotifyMailDestinations.delete(task_id, organization_id,
CommonConst.NOTIFY_CODE)
else:
attribute = {'Destinations': {"Value": destinations}}
pm_orgNotifyMailDestinations.update(task_id, organization_id,
CommonConst.NOTIFY_CODE,
attribute)
except PmError as e:
pm_logger.error("組織別通知メール宛先情報の更新に失敗しました。: OrganizationID=%s",
organization_id)
raise common_utils.write_log_pm_error(e, pm_logger)
def test_send_checkerror_email_case_error_read_decode_get_template_body_mail(
self):
# patch mock
patch_get_organization = patch(
"premembers.repository.pm_organizations.get_organization")
patch_get_project = patch(
"premembers.repository.pm_projects.query_key")
patch_get_cognito_user_info_by_user_name = patch(
"premembers.common.aws_common.get_cognito_user_info_by_user_name")
patch_read_decode = patch("premembers.common.FileUtils.read_decode")
# start mock object
mock_get_organization = patch_get_organization.start()
mock_get_project = patch_get_project.start()
mock_get_cognito_user_info_by_user_name = patch_get_cognito_user_info_by_user_name.start(
)
mock_read_decode = patch_read_decode.start()
# mock data
mock_get_organization.side_effect = None
mock_get_project.side_effect = None
result_mock_read_yaml = mock_common_utils.mock_read_yaml(self, True)
mock_get_cognito_user_info_by_user_name.return_value = user_info_cognito
mock_read_decode.side_effect = PmError()
# addCleanup stop mock object
self.addCleanup(patch_get_organization.stop)
self.addCleanup(patch_get_project.stop)
self.addCleanup(patch_get_cognito_user_info_by_user_name.stop)
self.addCleanup(result_mock_read_yaml[1].stop)
self.addCleanup(patch_read_decode.stop)
# call function test
with patch.object(PmLogAdapter, 'error',
return_value=None) as mock_method_error:
with self.assertRaises(PmError):
awschecksBatch_logic.send_checkerror_email(
trace_id, aws_account, check_history_id, organization_id,
project_id, error_code, execute_user_id, region_name,
check_code_item, data_body)
# check write log error
mock_method_error.assert_any_call(
'通知メール本文テンプレートファイルの取得に失敗しました。:s3://premembers-dev-setting/check/notify/mail/notice_error_execute_check_ja.tpl'
)
# check param call function
mock_read_decode.assert_called_once_with(
trace_id, 'S3_SETTING_BUCKET',
copy.deepcopy(DataTestS3.PATH_NOTICE_ERROR_EXECUTE_CHECK_JA))
def test_apply_change_email_handler_error_read_file_template(self):
# mock object
patch_get_cognito_user_pools = patch('premembers.common.aws_common.get_cognito_user_pools')
patch_method_error = patch.object(PmLogAdapter, "error")
patch_read_decode = patch("premembers.common.FileUtils.read_decode")
patch_read_yaml = patch("premembers.common.FileUtils.read_yaml")
# start mock object
mock_get_cognito_user_pools = patch_get_cognito_user_pools.start()
mock_method_error = patch_method_error.start()
mock_read_yaml = patch_read_yaml.start()
mock_read_decode = patch_read_decode.start()
# mock data
mock_get_cognito_user_pools.return_value = []
mock_method_error.return_value = None
mock_read_yaml.return_value = response_data_config
mock_read_decode.side_effect = PmError()
# addCleanup stop mock object
self.addCleanup(patch_get_cognito_user_pools.stop)
self.addCleanup(patch_method_error.stop)
self.addCleanup(patch_read_yaml.stop)
self.addCleanup(patch_read_decode.stop)
# Call function test
body = {
"mailAddress": mail_after,
"callerServiceName": "insightwatch",
"mailLang": language_mail_test
}
event_mock = event_create.get_event_object(
trace_id=trace_id,
email=mail_before,
body=json.dumps(body))
result = user.apply_change_email_handler(event_mock, {})
# Check data
mock_method_error.assert_any_call(
"メールアドレス変更通知メール本文テンプレートファイルの取得に失敗しました。:s3://%s/%s",
common_utils.get_environ(CommonConst.S3_SETTING_BUCKET),
"check/notify/mail/insightwatch_apply_change_mail_template_ja.tpl")
response_body = json.loads(result['body'])
err_s3_702 = MsgConst.ERR_S3_702
self.assertEqual(err_s3_702['code'], response_body['code'])
self.assertEqual(err_s3_702['message'], response_body['message'])
self.assertEqual(err_s3_702['description'], response_body['description'])
self.assertEqual(result['statusCode'],
HTTPStatus.INTERNAL_SERVER_ERROR.value)
def test_test_update_status_checkhistory_case_error_update_record_pm_check_history(
self):
# create data mock
cw_logger = common_utils.begin_cw_logger(trace_id, __name__,
inspect.currentframe())
pm_error = PmError()
# patch mock
patch_query_key_pm_check_history = patch(
"premembers.repository.pm_checkHistory.query_key")
patch_update_pm_check_history = patch(
"premembers.repository.pm_checkHistory.update")
patch_begin_cw_logger = patch(
"premembers.common.common_utils.begin_cw_logger")
patch_logger_error = patch.object(CwLogAdapter, "error")
patch_write_log_pm_error = patch(
"premembers.common.common_utils.write_log_pm_error")
# start mock object
mock_query_key_pm_check_history = patch_query_key_pm_check_history.start(
)
mock_update_pm_check_history = patch_update_pm_check_history.start()
mock_begin_cw_logger = patch_begin_cw_logger.start()
mock_logger_error = patch_logger_error.start()
mock_write_log_pm_error = patch_write_log_pm_error.start()
# mock object
mock_query_key_pm_check_history.return_value = data_pm_check_history
mock_update_pm_check_history.side_effect = pm_error
mock_begin_cw_logger.return_value = cw_logger
mock_write_log_pm_error.return_value = pm_error
# addCleanup stop mock object
self.addCleanup(patch_query_key_pm_check_history.stop)
self.addCleanup(patch_begin_cw_logger.stop)
self.addCleanup(patch_logger_error.stop)
self.addCleanup(patch_write_log_pm_error.stop)
with self.assertRaises(PmError):
# call function test
awssecuritychecks_logic.update_status_checkhistory(
check_history_id, error_code, check_status)
# check log message error
mock_logger_error.assert_called_once_with(
"チェック履歴情報のステータス更新に失敗しました。: CheckHistoryID=%s", check_history_id)
# check call function write_log_pm_error
mock_write_log_pm_error.assert_called_once_with(pm_error, cw_logger)
def test_authority_error(self):
with patch('premembers.common.checkauthority.check_authority'
) as mock_check_authority:
mock_check_authority.side_effect = PmError()
response = checkauthority.authority(trace_id, user_id,
organization_id,
Authority["Owner"])
status_code = response['statusCode']
response_body = json.loads(response['body'])
err_402 = MsgConst.ERR_402
self.assertEqual(status_code, HTTPStatus.INTERNAL_SERVER_ERROR.value)
self.assertEqual(response_body['code'], err_402['code'])
self.assertEqual(response_body['message'], err_402['message'])
self.assertEqual(response_body['description'], err_402['description'])
def test_apply_change_email_handler_error_send_mail(self):
# mock object
patch_get_cognito_user_pools = patch('premembers.common.aws_common.get_cognito_user_pools')
patch_method_error = patch.object(PmLogAdapter, "error")
patch_read_decode = patch("premembers.common.FileUtils.read_decode")
patch_read_yaml = patch("premembers.common.FileUtils.read_yaml")
patch_send_email = patch("premembers.common.aws_common.send_email")
# start mock object
mock_get_cognito_user_pools = patch_get_cognito_user_pools.start()
mock_method_error = patch_method_error.start()
mock_read_yaml = patch_read_yaml.start()
mock_read_decode = patch_read_decode.start()
mock_send_email = patch_send_email.start()
# mock data
mock_get_cognito_user_pools.return_value = []
mock_method_error.return_value = None
mock_read_yaml.return_value = response_data_config
mock_send_email.side_effect = PmError()
mock_read_decode.return_value = template_body_mail
# addCleanup stop mock object
self.addCleanup(patch_get_cognito_user_pools.stop)
self.addCleanup(patch_method_error.stop)
self.addCleanup(patch_read_yaml.stop)
self.addCleanup(patch_read_decode.stop)
self.addCleanup(patch_send_email.stop)
# Call function test
body = {
"mailAddress": mail_after,
"callerServiceName": "insightwatch",
"mailLang": language_mail_test
}
event_mock = event_create.get_event_object(
trace_id=trace_id, email=mail_before, body=json.dumps(body))
result = user.apply_change_email_handler(event_mock, {})
# Check data
mock_method_error.assert_any_call("通知メール送信に失敗しました。")
response_body = json.loads(result['body'])
err_ses_801 = MsgConst.ERR_SES_801
self.assertEqual(err_ses_801['code'], response_body['code'])
self.assertEqual(err_ses_801['message'], response_body['message'])
self.assertEqual(err_ses_801['description'], response_body['description'])
self.assertEqual(result['statusCode'],
HTTPStatus.INTERNAL_SERVER_ERROR.value)
def test_send_checkerror_email_case_error_read_yaml_get_config_setting_mail(
self):
# patch mock
patch_get_organization = patch(
"premembers.repository.pm_organizations.get_organization")
patch_get_project = patch(
"premembers.repository.pm_projects.query_key")
patch_get_cognito_user_info_by_user_name = patch(
"premembers.common.aws_common.get_cognito_user_info_by_user_name")
patch_read_yaml_get_config_setting_mail = patch(
"premembers.common.FileUtils.read_yaml")
# start mock object
mock_get_organization = patch_get_organization.start()
mock_get_project = patch_get_project.start()
mock_get_cognito_user_info_by_user_name = patch_get_cognito_user_info_by_user_name.start(
)
mock_read_yaml_get_config_setting_mail = patch_read_yaml_get_config_setting_mail.start(
)
# mock data
mock_get_organization.side_effect = None
mock_get_project.side_effect = None
mock_get_cognito_user_info_by_user_name.side_effect = None
mock_read_yaml_get_config_setting_mail.side_effect = PmError()
# addCleanup stop mock object
self.addCleanup(patch_get_organization.stop)
self.addCleanup(patch_get_project.stop)
self.addCleanup(patch_get_cognito_user_info_by_user_name.stop)
self.addCleanup(patch_read_yaml_get_config_setting_mail.stop)
# call function test
with patch.object(PmLogAdapter, 'error',
return_value=None) as mock_method_error:
with self.assertRaises(PmError):
awschecksBatch_logic.send_checkerror_email(
trace_id, aws_account, check_history_id, organization_id,
project_id, error_code, execute_user_id, region_name,
check_code_item, data_body)
# check write log error
mock_method_error.assert_any_call(
'通知メール送信設定ファイルの取得に失敗しました。:s3://premembers-dev-setting/check/notify/mail/config.yaml'
)
mock_read_yaml_get_config_setting_mail.assert_any_call(
trace_id, 'S3_SETTING_BUCKET',
copy.deepcopy(DataTestS3.PATH_FILE_CONFIG))
def test_send_checkerror_email_error_send_email(self):
# patch mock
patch_get_organization = patch(
"premembers.repository.pm_organizations.get_organization")
patch_get_project = patch(
"premembers.repository.pm_projects.query_key")
patch_get_cognito_user_info_by_user_name = patch(
"premembers.common.aws_common.get_cognito_user_info_by_user_name")
patch_read_decode = patch("premembers.common.FileUtils.read_decode")
patch_send_email = patch("premembers.common.aws_common.send_email")
# start mock object
mock_get_organization = patch_get_organization.start()
mock_get_project = patch_get_project.start()
mock_get_cognito_user_info_by_user_name = patch_get_cognito_user_info_by_user_name.start(
)
mock_read_decode = patch_read_decode.start()
mock_send_email = patch_send_email.start()
# mock data
mock_get_organization.side_effect = None
mock_get_project.side_effect = None
result_mock_read_yaml = mock_common_utils.mock_read_yaml(self, True)
mock_get_cognito_user_info_by_user_name.return_value = user_info_cognito
mock_read_decode.return_value = copy.deepcopy(
DataTestS3.TEMPLATE_NOTICE_ERROR_EXECUTE_CHECK_JA)
mock_send_email.side_effect = PmError()
# addCleanup stop mock object
self.addCleanup(patch_get_cognito_user_info_by_user_name.stop)
self.addCleanup(result_mock_read_yaml[1].stop)
self.addCleanup(patch_read_decode.stop)
self.addCleanup(patch_send_email.stop)
# call function test
with patch.object(PmLogAdapter, 'error',
return_value=None) as mock_method_error:
with self.assertRaises(PmError):
awschecksBatch_logic.send_checkerror_email(
trace_id, aws_account, check_history_id, organization_id,
project_id, error_code, execute_user_id, region_name,
check_code_item, data_body)
# check write log error
mock_method_error.assert_any_call('通知メール送信に失敗しました。')