Пример #1
 def test_get_ncr_with_admin_exclusion(self, mock_get_ncr,
                                       mock_get_requirement, mock_get_user,
                                       mock_get_latest_complete_scan):
     """Admin caller with an empty ``accounts`` map gets 200 and the NCR list.

     The mocked user carries ``isAdmin: True`` and no per-account grants. The
     response body is compared with strict equality, so the test also pins
     which ``allowedActions`` the handler reports for that identity and that
     only the four ``resource`` fields listed below are returned.
     """
     scan_id = '2020-05-27T15:11:29.949427#wbnpjzzr'
     account_id = '12345678901'
     account_name = 'TEST ACCOUNT NAME'
     requirement_id = 'requirementId01'
     resource_arn = 'arn:aws:lambda:us-west-2:12345678901:function:test-function'
     # Composite key in the stored record: <account>_<resource>_<requirement>.
     record_key = f'{account_id}_{resource_arn}_{requirement_id}'

     # Identity under test: admin flag set, no account-level permissions.
     admin_user = {
         'email': user,
         'accounts': {},
         'isAdmin': True,
     }
     requirement = {
         'severity': 'high',
         'description': 'All IAM Users have MFA enabled for Console Access',
         'weight': 1000,
         'source': 's3Import',
         'requirementId': requirement_id,
         's3Import': {
             's3Bucket': 's3-req-bucket-01',
             's3Key': 'req1'
         }
     }
     stored_ncr = {
         'accountId': account_id,
         'resourceId': resource_arn,
         'accountName': account_name,
         'scanId': scan_id,
         'accntId_rsrceId_rqrmntId': record_key,
         'requirementId': requirement_id,
         'rqrmntId_accntId': f'{requirement_id}_{account_id}',
     }

     mock_get_user.return_value = admin_user
     mock_get_requirement.return_value = [requirement]
     mock_get_latest_complete_scan.return_value = scan_id
     mock_get_ncr.return_value = [stored_ncr]

     response = ncr.ncr_handler(create_event(), None)

     # Expected payload: the storage-side keys (scanId, the two composite
     # keys) are absent from 'resource', and the equality check enforces that.
     expected_body = {
         'scanId': scan_id,
         'ncrRecords': [{
             'ncrId': f'{scan_id}#{record_key}',
             'allowedActions': {
                 'remediate': False,
                 'requestExclusion': True,
                 'requestExclusionChange': False
             },
             'resource': {
                 'accountId': account_id,
                 'resourceId': resource_arn,
                 'accountName': account_name,
                 'requirementId': requirement_id,
             }
         }]
     }
     assert response['statusCode'] == 200
     assert json.loads(response['body']) == expected_body
Пример #2
 def test_get_ncr_without_permissions(self, mock_get_ncr,
                                      mock_get_requirement, mock_get_user,
                                      mock_get_latest_complete_scan):
     """Caller with no admin flag and no account grants is refused with 403.

     The mocked user has only an e-mail and an empty ``accounts`` map. A
     matching NCR record exists in the mocked store (with an approved
     exclusion attached), so the 403 is the handler's answer to a request
     for data that is present but that this identity holds no grant for.
     """
     scan_id = '2020-05-27T15:11:29.949427#wbnpjzzr'
     account_id = '12345678901'
     requirement_id = 'requirementId01'
     resource_arn = 'arn:aws:lambda:us-west-2:12345678901:function:test-function'

     # Identity under test: no 'isAdmin' key at all, no account permissions.
     unprivileged_user = {
         'email': user,
         'accounts': {},
     }
     requirement = {
         'severity': 'high',
         'description': 'All IAM Users have MFA enabled for Console Access',
         'weight': 1000,
         'source': 's3Import',
         'requirementId': requirement_id,
         's3Import': {
             's3Bucket': 's3-req-bucket-01',
             's3Key': 'req1'
         }
     }
     # Approved exclusion scoped by wildcards: every account, every Lambda ARN.
     approved_exclusion = {
         'accountId': '*',
         'reason': 'inspected looks fine',
         'resourceId': 'arn:aws:lambda:*',
         'requirementId': requirement_id,
         'type': 'justification',
         'status': 'approved',
         'expirationDate': '2999/12/31'
     }
     stored_ncr = {
         'accountId': account_id,
         'resourceId': resource_arn,
         'exclusionApplied': True,
         'accountName': 'TEST ACCOUNT NAME',
         'scanId': scan_id,
         'accntId_rsrceId_rqrmntId':
         f'{account_id}_{resource_arn}_{requirement_id}',
         'exclusion': approved_exclusion,
         'requirementId': requirement_id,
         'rqrmntId_accntId': f'{requirement_id}_{account_id}',
         # 'isHidden': False
     }

     mock_get_user.return_value = unprivileged_user
     mock_get_requirement.return_value = [requirement]
     mock_get_latest_complete_scan.return_value = scan_id
     mock_get_ncr.return_value = [stored_ncr]

     response = ncr.ncr_handler(create_event(), None)

     # NOTE(review): only the status code is pinned here. Asserting that the
     # body carries no 'ncrRecords' would also cover the case where a 403 is
     # returned alongside record data - confirm the handler's error body shape.
     assert response['statusCode'] == 403