def test_get_ncr_with_admin_exclusion(self, mock_get_ncr, mock_get_requirement, mock_get_user, mock_get_latest_complete_scan): mock_get_user.return_value = { 'email': user, 'accounts': {}, 'isAdmin': True, } mock_get_requirement.return_value = [{ 'severity': 'high', 'description': 'All IAM Users have MFA enabled for Console Access', 'weight': 1000, 'source': 's3Import', 'requirementId': 'requirementId01', 's3Import': { 's3Bucket': 's3-req-bucket-01', 's3Key': 'req1' } }] mock_get_latest_complete_scan.return_value = '2020-05-27T15:11:29.949427#wbnpjzzr' mock_get_ncr.return_value = [{ 'accountId': '12345678901', 'resourceId': 'arn:aws:lambda:us-west-2:12345678901:function:test-function', 'accountName': 'TEST ACCOUNT NAME', 'scanId': '2020-05-27T15:11:29.949427#wbnpjzzr', 'accntId_rsrceId_rqrmntId': '12345678901_arn:aws:lambda:us-west-2:12345678901:function:test-function_requirementId01', 'requirementId': 'requirementId01', 'rqrmntId_accntId': 'requirementId01_12345678901', }] resp = ncr.ncr_handler(create_event(), None) assert resp['statusCode'] == 200 assert json.loads(resp['body']) == { 'scanId': '2020-05-27T15:11:29.949427#wbnpjzzr', 'ncrRecords': [{ 'ncrId': '2020-05-27T15:11:29.949427#wbnpjzzr#12345678901_arn:aws:lambda:us-west-2:12345678901:function:test-function_requirementId01', 'allowedActions': { 'remediate': False, 'requestExclusion': True, 'requestExclusionChange': False }, 'resource': { 'accountId': '12345678901', 'resourceId': 'arn:aws:lambda:us-west-2:12345678901:function:test-function', 'accountName': 'TEST ACCOUNT NAME', 'requirementId': 'requirementId01', } }] }
def test_get_ncr_without_permissions(self, mock_get_ncr, mock_get_requirement, mock_get_user, mock_get_latest_complete_scan): mock_get_user.return_value = { 'email': user, 'accounts': {}, } mock_get_requirement.return_value = [{ 'severity': 'high', 'description': 'All IAM Users have MFA enabled for Console Access', 'weight': 1000, 'source': 's3Import', 'requirementId': 'requirementId01', 's3Import': { 's3Bucket': 's3-req-bucket-01', 's3Key': 'req1' } }] mock_get_latest_complete_scan.return_value = '2020-05-27T15:11:29.949427#wbnpjzzr' mock_get_ncr.return_value = [{ 'accountId': '12345678901', 'resourceId': 'arn:aws:lambda:us-west-2:12345678901:function:test-function', 'exclusionApplied': True, 'accountName': 'TEST ACCOUNT NAME', 'scanId': '2020-05-27T15:11:29.949427#wbnpjzzr', 'accntId_rsrceId_rqrmntId': '12345678901_arn:aws:lambda:us-west-2:12345678901:function:test-function_requirementId01', 'exclusion': { 'accountId': '*', 'reason': 'inspected looks fine', 'resourceId': 'arn:aws:lambda:*', 'requirementId': 'requirementId01', 'type': 'justification', 'status': 'approved', 'expirationDate': '2999/12/31' }, 'requirementId': 'requirementId01', 'rqrmntId_accntId': 'requirementId01_12345678901', # 'isHidden': False }] resp = ncr.ncr_handler(create_event(), None) assert resp['statusCode'] == 403