def test_ec2(self):
placebo_cfg = {
'placebo': placebo,
'placebo_dir': self._get_response_path('instances_1'),
'placebo_mode': 'playback'}
arn = scan('arn:aws:ec2:us-west-2:123456789012:instance/*',
**placebo_cfg)
# Fetch all Instance resources
l = list(arn)
self.assertEqual(len(l), 2)
# Fetch a single resource
placebo_cfg = {
'placebo': placebo,
'placebo_dir': self._get_response_path('instances_2'),
'placebo_mode': 'playback'}
arn = scan('arn:aws:ec2:us-west-2:123456789012:instance/i-db530902',
**placebo_cfg)
l = list(arn)
self.assertEqual(len(l), 1)
# check filters
arn = scan('arn:aws:ec2:us-west-2:123456789012:instance/i-db530902|InstanceType',
**placebo_cfg)
l = list(arn)
self.assertEqual(len(l), 1)
r = l[0]
self.assertEqual(r.filtered_data, 't2.small')
def test_ec2(self):
placebo_cfg = {
'placebo': placebo,
'placebo_dir': self._get_response_path('instances_1'),
'placebo_mode': 'playback'}
arn = scan('arn:aws:ec2:us-west-2:123456789012:instance/*',
**placebo_cfg)
# Fetch all Instance resources
l = list(arn)
self.assertEqual(len(l), 2)
# Fetch a single resource
placebo_cfg = {
'placebo': placebo,
'placebo_dir': self._get_response_path('instances_2'),
'placebo_mode': 'playback'}
arn = scan('arn:aws:ec2:us-west-2:123456789012:instance/i-db530902',
**placebo_cfg)
l = list(arn)
self.assertEqual(len(l), 1)
# check filters
arn = scan('arn:aws:ec2:us-west-2:123456789012:instance/i-db530902|InstanceType',
**placebo_cfg)
l = list(arn)
self.assertEqual(len(l), 1)
r = l[0]
self.assertEqual(r.filtered_data, 't2.small')
def test_ec2(self):
placebo_cfg = {
"placebo": placebo,
"placebo_data_path": self._get_response_path("instances_1"),
"placebo_mode": "playback",
}
arn = scan("arn:aws:ec2:us-west-2:123456789012:instance/*",
**placebo_cfg)
# Fetch all Instance resources
l = list(arn)
self.assertEqual(len(l), 2)
# Fetch a single resource
placebo_cfg = {
"placebo": placebo,
"placebo_data_path": self._get_response_path("instances_2"),
"placebo_mode": "playback",
}
arn = scan("arn:aws:ec2:us-west-2:123456789012:instance/i-db530902",
**placebo_cfg)
l = list(arn)
self.assertEqual(len(l), 1)
# check filters
arn = scan(
"arn:aws:ec2:us-west-2:123456789012:instance/i-db530902|InstanceType",
**placebo_cfg)
l = list(arn)
self.assertEqual(len(l), 1)
r = l[0]
self.assertEqual(r.filtered_data, "t2.small")
def test_iam_users(self):
arn = scan('arn:aws:iam:*:234567890123:user/*')
l = list(arn)
self.assertEqual(len(l), 3)
arn = scan('arn:aws:iam:*:234567890123:user/foo')
l = list(arn)
self.assertEqual(len(l), 1)
def test_elb_loadbalancer(self):
arn = scan('arn:aws:elb:us-west-2:123456789012:loadbalancer/*')
l = list(arn)
self.assertEqual(len(l), 1)
arn = scan('arn:aws:elb:us-west-2:234567890123:loadbalancer/*')
l = list(arn)
self.assertEqual(len(l), 5)
def test_ec2_instance(self):
# Set up the HTTP mocking
host = 'https://ec2.us-east-1.amazonaws.com/'
body1 = get_response_body('ec2_instance.xml')
body2 = get_response_body('instance_not_found.xml')
body3 = get_response_body('one_instance.xml')
httpretty.register_uri(httpretty.POST,
host,
responses=[
httpretty.Response(body=body1, status=200),
httpretty.Response(body=body2, status=400),
httpretty.Response(body=body3, status=200),
])
host = 'https://monitoring.us-east-1.amazonaws.com/'
body1 = get_response_body('instance_metric_names.xml')
body2 = get_response_body('get_metric_data.xml')
httpretty.register_uri(httpretty.POST,
host,
responses=[
httpretty.Response(body=body1, status=200),
httpretty.Response(body=body2, status=200),
])
# Run the test
arn = scan('arn:aws:ec2:us-east-1:123456789012:instance/*')
# Register our local event handler
arn.register_for_event('resource-create.aws.ec2.*.*.instance.*',
self._my_callback)
# Fetch all Instance resources
instances = list(arn)
self.assertEqual(len(instances), 2)
# Check to see if our callback got called
for i in instances:
self.assertEqual(getattr(i, '__foobar__'), 'fiebaz')
# Fetch non-existant resource
arn = scan('arn:aws:ec2:us-east-1:123456789012:instance/i-decafbad')
instances = list(arn)
self.assertEqual(len(instances), 0)
# Fetch a single instance
arn = scan('arn:aws:ec2:us-east-1:123456789012:instance/i-123456789')
instances = list(arn)
self.assertEqual(len(instances), 1)
instance = instances[0]
# Find available metrics
self.assertEqual(len(instance.metric_names), 10)
self.assertEqual(instance.metric_names, [
'DiskReadOps', 'NetworkOut', 'DiskWriteOps', 'DiskReadBytes',
'CPUUtilization', 'StatusCheckFailed', 'StatusCheckFailed_System',
'StatusCheckFailed_Instance', 'NetworkIn', 'DiskWriteBytes'
])
# Fetch metric data
metric_data = instance.get_metric_data('CPUUtilization')
self.assertEqual(len(metric_data), 12)
self.assertEqual(metric_data[-1]['Average'], 0.0)
self.assertEqual(instance.date, '2013-04-25T23:41:15.000Z')
self.assertEqual(instance.name, 'foo.bar.com')
# Fetch tags
self.assertEqual(list(instance.tags.keys()), ['Name'])
self.assertEqual(list(instance.tags.values()), ['foo'])
def test_ec2_instance(self):
# Set up the HTTP mocking
host = 'https://ec2.us-east-1.amazonaws.com/'
body1 = get_response_body('ec2_instance.xml')
body2 = get_response_body('instance_not_found.xml')
body3 = get_response_body('one_instance.xml')
httpretty.register_uri(httpretty.POST, host,
responses=[
httpretty.Response(body=body1, status=200),
httpretty.Response(body=body2, status=400),
httpretty.Response(body=body3, status=200),
])
host = 'https://monitoring.us-east-1.amazonaws.com/'
body1 = get_response_body('instance_metric_names.xml')
body2 = get_response_body('get_metric_data.xml')
httpretty.register_uri(httpretty.POST, host,
responses=[
httpretty.Response(body=body1, status=200),
httpretty.Response(body=body2, status=200),
])
# Run the test
arn = scan('arn:aws:ec2:us-east-1:123456789012:instance/*')
# Fetch all Instance resources
instances = list(arn)
self.assertEqual(len(instances), 2)
# Fetch non-existant resource
arn = scan('arn:aws:ec2:us-east-1:123456789012:instance/i-decafbad')
instances = list(arn)
self.assertEqual(len(instances), 0)
# Fetch a single instance
arn = scan('arn:aws:ec2:us-east-1:123456789012:instance/i-123456789')
instances = list(arn)
self.assertEqual(len(instances), 1)
instance = instances[0]
# Find available metrics
self.assertEqual(len(instance.metric_names), 10)
self.assertEqual(instance.metric_names,
['DiskReadOps',
'NetworkOut',
'DiskWriteOps',
'DiskReadBytes',
'CPUUtilization',
'StatusCheckFailed',
'StatusCheckFailed_System',
'StatusCheckFailed_Instance',
'NetworkIn',
'DiskWriteBytes'])
# Fetch metric data
metric_data = instance.get_metric_data('CPUUtilization')
self.assertEqual(len(metric_data.data), 12)
self.assertEqual(metric_data.data[-1]['Average'], 0.0)
self.assertEqual(instance.name, 'foo.bar.com')
# Fetch tags
self.assertEqual(list(instance.tags.keys()), ['Name'])
self.assertEqual(list(instance.tags.values()), ['foo'])
def test_elb_loadbalancer(self):
placebo_cfg = {
"placebo": placebo,
"placebo_data_path": self._get_response_path("elbs"),
"placebo_mode": "playback",
}
arn = scan("arn:aws:elb:us-east-1:123456789012:loadbalancer/*",
**placebo_cfg)
l = list(arn)
self.assertEqual(len(l), 1)
self.assertEqual(
l[0].arn,
"arn:aws:elb:us-east-1:123456789012:loadbalancer/example")
self.assertEqual(l[0].data["DNSName"],
"example-1111111111.us-east-1.elb.amazonaws.com")
self.assertEqual(l[0].tags["Name"], "example-web")
self.assertEqual(
l[0].data["LoadBalancerAttributes"]["CrossZoneLoadBalancing"]
["Enabled"],
False,
)
self.assertEqual(
l[0].data["PolicyDescriptions"][0]["PolicyName"],
"AWSConsole-SSLNegotiationPolicy-example-1111111111111",
)
def test_dynamodb_filtering(self):
# Set up the HTTP mocking
content_type = 'application/x-amz-json-1.0'
host = 'https://dynamodb.us-east-1.amazonaws.com/'
body1 = get_response_body('dynamodb_tables.json')
body2 = get_response_body('table_one.json')
body3 = get_response_body('table_two.json')
httpretty.register_uri(
httpretty.POST,
host,
responses=[
httpretty.Response(body=body1,
status=200,
content_type=content_type),
httpretty.Response(body=body2,
status=200,
content_type=content_type),
httpretty.Response(body=body3,
status=200,
content_type=content_type),
])
# Run the test
arn = scan('arn:aws:dynamodb:us-east-1:123456789012:table/foo')
# Fetch all Table resources
tables = list(arn)
self.assertEqual(len(tables), 1)
t = tables[0]
self.assertEqual(t.name, 'foo')
self.assertEqual(t.date, 1368642592.791)
def test_cloudformation_stacks(self):
arn = scan('arn:aws:cloudformation:us-west-2:123456789012:stack/*')
l = list(arn)
self.assertEqual(len(l), 10)
stack_resource = l[0]
resources = list(stack_resource)
self.assertEqual(len(resources), 6)
def test_route53_hostedzone(self):
arn = scan('arn:aws:route53::123456789012:hostedzone/*')
l = list(arn)
self.assertEqual(len(l), 2)
zone_resource = l[0]
self.assertEqual(zone_resource.arn,
'arn:aws:route53:::hostedzone/FFFF865FFFF3')
def test_iam_groups(self):
arn = scan('arn:aws:iam::123456789012:group/*')
l = list(arn)
self.assertEqual(len(l), 2)
group_resource = l[0]
self.assertEqual(group_resource.arn,
'arn:aws:iam::123456789012:group/Administrators')
def test_s3_buckets(self):
arn = scan('arn:aws:s3:us-east-1:234567890123:bucket/*')
l = list(arn)
self.assertEqual(len(l), 4)
bucket_resource = l[1]
keys = list(bucket_resource)
self.assertEqual(len(keys), 4)
def test_sqs_queues(self):
# Set up the HTTP mocking
host = 'https://queue.amazonaws.com/'
body1 = get_response_body('sqs_queues.xml')
httpretty.register_uri(httpretty.POST, host,
responses=[
httpretty.Response(
body=body1, status=200)
])
# Run the test
arn = scan('arn:aws:sqs:us-east-1:123456789012:queue/*')
# Fetch all queue resources
queues = list(arn)
self.assertEqual(len(queues), 4)
q = queues[0]
self.assertEqual(q.id, 'foo')
self.assertEqual(
q.name, 'https://queue.amazonaws.com/123456789012/foo')
q = queues[1]
self.assertEqual(
q.name, 'https://queue.amazonaws.com/123456789012/bar')
self.assertEqual(q.id, 'bar')
q = queues[2]
self.assertEqual(
q.name, 'https://queue.amazonaws.com/123456789012/fie')
self.assertEqual(q.id, 'fie')
q = queues[3]
self.assertEqual(
q.name, 'https://queue.amazonaws.com/123456789012/baz')
self.assertEqual(q.id, 'baz')
def test_cloudwatch_loggroup(self):
placebo_cfg = {
'placebo': placebo,
'placebo_dir': self._get_response_path('loggroups'),
'placebo_mode': 'playback'
}
arn = scan('arn:aws:logs:us-east-1:123456789012:log-group/*',
**placebo_cfg)
l = list(arn)
self.assertEqual(len(l), 1)
self.assertEqual(
l[0].arn,
'arn:aws:logs:us-east-1:123456789012:log-group/CloudTrail/DefaultLogGroup'
)
self.assertEqual(l[0].data['logGroupName'],
'CloudTrail/DefaultLogGroup')
self.assertEqual(l[0].tags['TestKey'], 'TestValue')
self.assertEqual(l[0].data['logStreams'][0]['logStreamName'],
'123456789012_CloudTrail_us-east-1')
self.assertEqual(l[0].data['metricFilters'][0]['filterName'],
'EventCount')
self.assertEqual(l[0].data['subscriptionFilters'][0]['filterName'],
'TestLambdaTrigger')
self.assertEqual(l[0].data['queries'][0]['queryId'],
'11111111-cfe3-43db-8eca-8862fee615a3')
def test_iam_users(self):
placebo_cfg = {
"placebo": placebo,
"placebo_data_path": self._get_response_path("users"),
"placebo_mode": "playback",
}
arn = scan("arn:aws:iam::123456789012:user/*", **placebo_cfg)
l = list(arn)
self.assertEqual(len(l), 1)
self.assertEqual(l[0].arn, "arn:aws:iam::123456789012:user/testuser")
self.assertEqual(l[0].data["UserName"], "testuser")
self.assertEqual(l[0].tags["TestKey"], "TestValue")
self.assertEqual(l[0].data["AccessKeyMetadata"][0]["AccessKeyId"],
"AKIAAAAAAAAAAAAAAAAA")
self.assertEqual(l[0].data["Groups"][0]["GroupId"],
"AGPAAAAAAAAAAAAAAAAAA")
self.assertEqual(
l[0].data["PolicyNames"]["TestInlinePolicy"]["Version"],
"2012-10-17")
self.assertEqual(
l[0].data["AttachedPolicies"][0]["PolicyArn"],
"arn:aws:iam::aws:policy/AdministratorAccess",
)
self.assertEqual(l[0].data["SSHPublicKeys"][0]["SSHPublicKeyId"],
"APKAAAAAAAAAAAAAAAAA")
def getServiceRIs(aws_service,aws_region):
_instances = []
for i in skew.scan('arn:aws:'+aws_service+':'+aws_region+':*:reserved/*'):
if i.data['State'] == 'active':
i.data['Region'] = aws_region
_instances.append(i.data)
return _instances
def test_dynamodb_filtering(self):
# Set up the HTTP mocking
content_type = 'application/x-amz-json-1.0'
host = 'https://dynamodb.us-east-1.amazonaws.com/'
body1 = get_response_body('dynamodb_tables.json')
body2 = get_response_body('table_one.json')
body3 = get_response_body('table_two.json')
httpretty.register_uri(httpretty.POST, host,
responses=[
httpretty.Response(
body=body1, status=200,
content_type=content_type),
httpretty.Response(
body=body2, status=200,
content_type=content_type),
httpretty.Response(
body=body3, status=200,
content_type=content_type),
])
# Run the test
arn = scan('arn:aws:dynamodb:us-east-1:123456789012:table/foo')
# Fetch all Table resources
tables = list(arn)
self.assertEqual(len(tables), 1)
t = tables[0]
self.assertEqual(t.name, 'foo')
self.assertEqual(t.date, 1368642592.791)
def test_ec2_address(self):
placebo_cfg = {
"placebo": placebo,
"placebo_data_path": self._get_response_path("addresses"),
"placebo_mode": "playback",
}
arn = scan("arn:aws:ec2:us-east-1:123456789012:address/*",
**placebo_cfg)
l = list(arn)
self.assertEqual(len(l), 3)
self.assertEqual(
l[0].arn,
"arn:aws:ec2:us-east-1:123456789012:address/eipalloc-091f2b843804f008c",
)
self.assertEqual(l[0].data["AllocationId"],
"eipalloc-091f2b843804f008c")
self.assertEqual(
l[2].data["Tags"],
[{
"Key": "Name",
"Value": "some-name"
}, {
"Key": "Env",
"Value": "Prod"
}],
)
def test_s3_buckets(self):
placebo_cfg = {
"placebo": placebo,
"placebo_data_path": self._get_response_path("buckets"),
"placebo_mode": "playback",
}
arn = scan("arn:aws:s3:us-east-1:234567890123:bucket/*", **placebo_cfg)
l = list(arn)
self.assertEqual(len(l), 5)
def test_ec2_routetable(self):
placebo_cfg = {
'placebo': placebo,
'placebo_dir': self._get_response_path('routetables'),
'placebo_mode': 'playback'}
arn = scan('arn:aws:ec2:us-west-2:123456789012:route-table/*',
**placebo_cfg)
l = list(arn)
self.assertEqual(len(l), 5)
def test_ec2_routetable(self):
placebo_cfg = {
'placebo': placebo,
'placebo_dir': self._get_response_path('routetables'),
'placebo_mode': 'playback'}
arn = scan('arn:aws:ec2:us-west-2:123456789012:route-table/*',
**placebo_cfg)
l = list(arn)
self.assertEqual(len(l), 5)
def test_iam_users(self):
placebo_cfg = {
'placebo': placebo,
'placebo_dir': self._get_response_path('users'),
'placebo_mode': 'playback'}
arn = scan('arn:aws:iam:*:234567890123:user/*',
**placebo_cfg)
l = list(arn)
self.assertEqual(len(l), 4)
def test_ec2_network_acls(self):
placebo_cfg = {
'placebo': placebo,
'placebo_dir': self._get_response_path('networkacls'),
'placebo_mode': 'playback'}
arn = scan('arn:aws:ec2:us-west-2:123456789012:network-acl/*',
**placebo_cfg)
l = list(arn)
self.assertEqual(len(l), 8)
def test_iam_users(self):
placebo_cfg = {
'placebo': placebo,
'placebo_dir': self._get_response_path('users'),
'placebo_mode': 'playback'}
arn = scan('arn:aws:iam:*:234567890123:user/*',
**placebo_cfg)
l = list(arn)
self.assertEqual(len(l), 4)
def test_s3_buckets(self):
placebo_cfg = {
'placebo': placebo,
'placebo_dir': self._get_response_path('buckets'),
'placebo_mode': 'playback'}
arn = scan('arn:aws:s3:us-east-1:234567890123:bucket/*',
**placebo_cfg)
l = list(arn)
self.assertEqual(len(l), 5)
def test_ec2_vpcs(self):
placebo_cfg = {
"placebo": placebo,
"placebo_data_path": self._get_response_path("vpcs"),
"placebo_mode": "playback",
}
arn = scan("arn:aws:ec2:us-west-2:123456789012:vpc/*", **placebo_cfg)
l = list(arn)
self.assertEqual(len(l), 3)
def test_rds_security_group(self):
# Set up the HTTP mocking
host = 'https://rds.amazonaws.com/'
body1 = get_response_body('rds_secgrp.xml')
httpretty.register_uri(httpretty.POST, host,
responses=[
httpretty.Response(body=body1, status=200),
httpretty.Response(body=body1, status=200),
])
# Run the test
arn = scan('arn:aws:rds:us-east-1:123456789012:secgrp/*')
# Fetch all resources
secgrps = list(arn)
self.assertEqual(len(secgrps), 1)
# Fetch a single resource
arn = scan('arn:aws:rds:us-east-1:123456789012:secgrp/foo')
secgrps = list(arn)
self.assertEqual(len(secgrps), 1)
def test_ec2_securitygroup(self):
placebo_cfg = {
'placebo': placebo,
'placebo_dir': self._get_response_path('secgrp'),
'placebo_mode': 'playback'}
arn = scan('arn:aws:ec2:us-west-2:123456789012:security-group/*',
**placebo_cfg)
l = list(arn)
self.assertEqual(len(l), 3)
def test_elb_loadbalancer(self):
placebo_cfg = {
'placebo': placebo,
'placebo_dir': self._get_response_path('elbs'),
'placebo_mode': 'playback'}
arn = scan('arn:aws:elb:us-west-2:123456789012:loadbalancer/*',
**placebo_cfg)
l = list(arn)
self.assertEqual(len(l), 6)
def test_s3_buckets(self):
placebo_cfg = {
'placebo': placebo,
'placebo_dir': self._get_response_path('buckets'),
'placebo_mode': 'playback'}
arn = scan('arn:aws:s3:us-east-1:234567890123:bucket/*',
**placebo_cfg)
l = list(arn)
self.assertEqual(len(l), 5)
def test_ec2_securitygroup(self):
placebo_cfg = {
'placebo': placebo,
'placebo_dir': self._get_response_path('secgrp'),
'placebo_mode': 'playback'}
arn = scan('arn:aws:ec2:us-west-2:123456789012:security-group/*',
**placebo_cfg)
l = list(arn)
self.assertEqual(len(l), 3)
def test_elb_loadbalancer(self):
placebo_cfg = {
'placebo': placebo,
'placebo_dir': self._get_response_path('elbs'),
'placebo_mode': 'playback'}
arn = scan('arn:aws:elb:us-west-2:123456789012:loadbalancer/*',
**placebo_cfg)
l = list(arn)
self.assertEqual(len(l), 6)
def test_ec2_network_acls(self):
placebo_cfg = {
'placebo': placebo,
'placebo_dir': self._get_response_path('networkacls'),
'placebo_mode': 'playback'}
arn = scan('arn:aws:ec2:us-west-2:123456789012:network-acl/*',
**placebo_cfg)
l = list(arn)
self.assertEqual(len(l), 8)
def test_no_provider(self):
placebo_cfg = {
'placebo': placebo,
'placebo_dir': self._get_response_path('trail'),
'placebo_mode': 'playback'}
arn = scan(
'::cloudtrail:us-east-1:123456789012:trail/*',
**placebo_cfg)
l = list(arn)
self.assertEqual(len(l), 1)
def test_no_provider(self):
placebo_cfg = {
"placebo": placebo,
"placebo_data_path": self._get_response_path("trail"),
"placebo_mode": "playback",
}
arn = scan("::cloudtrail:us-east-1:123456789012:trail/*",
**placebo_cfg)
l = list(arn)
self.assertEqual(len(l), 1)
def test_ec2_instance_not_found(self):
placebo_cfg = {
'placebo': placebo,
'placebo_dir': self._get_response_path('instances_3'),
'placebo_mode': 'playback'}
arn = scan('arn:aws:ec2:us-west-2:123456789012:instance/i-87654321',
**placebo_cfg)
# Fetch all Instance resources
l = list(arn)
self.assertEqual(len(l), 0)
def test_ec2_instance(self):
arn = scan('arn:aws:ec2:us-west-2:123456789012:instance/*')
# Fetch all Instance resources
l = list(arn)
self.assertEqual(len(l), 2)
# Fetch non-existant resource
arn = scan('arn:aws:ec2:us-west-2:123456789012:instance/i-decafbad')
l = list(arn)
self.assertEqual(len(l), 0)
# Fetch a single resource
arn = scan('arn:aws:ec2:us-west-2:123456789012:instance/i-30f39af5')
l = list(arn)
self.assertEqual(len(l), 1)
# check filters
arn = scan('arn:aws:ec2:us-west-2:123456789012:instance/i-30f39af5|InstanceType')
l = list(arn)
self.assertEqual(len(l), 1)
r = l[0]
self.assertEqual(r.filtered_data, 't2.small')
def test_ec2_instance_not_found(self):
placebo_cfg = {
"placebo": placebo,
"placebo_data_path": self._get_response_path("instances_3"),
"placebo_mode": "playback",
}
arn = scan("arn:aws:ec2:us-west-2:123456789012:instance/i-87654321",
**placebo_cfg)
# Fetch all Instance resources
l = list(arn)
self.assertEqual(len(l), 0)
def test_vpc_peering_connection(self):
placebo_cfg = {
'placebo': placebo,
'placebo_dir': self._get_response_path('peeringconnections'),
'placebo_mode': 'playback'}
arn = scan(
'arn:aws:ec2:us-east-1:123456789012:vpc-peering-connection/*',
**placebo_cfg)
l = list(arn)
self.assertEqual(len(l), 1)
self.assertEqual(l[0].arn, 'arn:aws:ec2:us-east-1:123456789012:vpc-peering-connection/pcx-027a582b95db2af78')
def test_iam_user_filtering(self):
# Set up the HTTP mocking
host = 'https://iam.amazonaws.com/'
body = get_response_body('iam_user.xml')
httpretty.register_uri(httpretty.POST, host, body=body, status=200)
# Run the test
arn = scan('arn:aws:iam:us-east-1:123456789012:user/bar')
users = list(arn)
self.assertEqual(len(users), 1)
self.assertEqual(users[0].data['UserName'], 'bar')
self.assertEqual(users[0].name, 'bar')
def test_ec2_volumes(self):
placebo_cfg = {
'placebo': placebo,
'placebo_dir': self._get_response_path('volumes'),
'placebo_mode': 'playback'}
arn = scan('arn:aws:ec2:us-west-2:123456789012:volume/*',
**placebo_cfg)
l = list(arn)
self.assertEqual(len(l), 4)
r = l[0]
self.assertEqual(r.data['VolumeId'], "vol-b85e475f")
def test_ec2_volumes(self):
placebo_cfg = {
'placebo': placebo,
'placebo_dir': self._get_response_path('volumes'),
'placebo_mode': 'playback'}
arn = scan('arn:aws:ec2:us-west-2:123456789012:volume/*',
**placebo_cfg)
l = list(arn)
self.assertEqual(len(l), 4)
r = l[0]
self.assertEqual(r.data['VolumeId'], "vol-b85e475f")
def test_iam_groups(self):
placebo_cfg = {
'placebo': placebo,
'placebo_dir': self._get_response_path('groups'),
'placebo_mode': 'playback'}
arn = scan('arn:aws:iam::234567890123:group/*',
**placebo_cfg)
l = list(arn)
self.assertEqual(len(l), 3)
group_resource = l[0]
self.assertEqual(group_resource.arn,
'arn:aws:iam::234567890123:group/Administrators')
def test_iam_groups(self):
placebo_cfg = {
'placebo': placebo,
'placebo_dir': self._get_response_path('groups'),
'placebo_mode': 'playback'}
arn = scan('arn:aws:iam::234567890123:group/*',
**placebo_cfg)
l = list(arn)
self.assertEqual(len(l), 3)
group_resource = l[0]
self.assertEqual(group_resource.arn,
'arn:aws:iam::234567890123:group/Administrators')
def test_beanstalk_environments(self):
placebo_cfg = {
'placebo': placebo,
'placebo_dir': self._get_response_path('environments'),
'placebo_mode': 'playback'}
arn = scan('arn:aws:elasticbeanstalk:us-west-2:123456789012:environment/*',
**placebo_cfg)
l = list(arn)
r = l[0]
self.assertEqual(r.data['EnvironmentName'], "Env1")
self.assertEqual(r.arn, "arn:aws:elasticbeanstalk:us-west-2:123456789012:environment/sample-application/Env1")
self.assertEqual(r.data['ApplicationName'], "sample-application")
def test_vpc_flowlog(self):
placebo_cfg = {
'placebo': placebo,
'placebo_dir': self._get_response_path('flowlogs'),
'placebo_mode': 'playback'}
arn = scan('arn:aws:ec2:us-east-1:123456789012:flow-log/*',
**placebo_cfg)
l = list(arn)
self.assertEqual(len(l), 2)
self.assertEqual(l[0].arn, 'arn:aws:ec2:us-east-1:123456789012:flow-log/fl-1234abcd')
self.assertEqual(l[0].data['LogGroupName'], 'CloudTrail/DefaultLogGroup')
self.assertEqual(str(l[0].data['CreationTime']), '2017-01-23 19:47:49')
def test_nat_gateways(self):
placebo_cfg = {
'placebo': placebo,
'placebo_dir': self._get_response_path('natgateways'),
'placebo_mode': 'playback'}
arn = scan('arn:aws:ec2:us-west-2:123456789012:natgateway/*',
**placebo_cfg)
l = list(arn)
self.assertEqual(len(l), 1)
natgateways = l[0]
self.assertEqual(natgateways.arn,
'arn:aws:ec2:us-west-2:123456789012:natgateway/nat-443d3ea762d00ee83')
def getServiceInstances(aws_service,aws_region,skew_params):
_instances = []
for i in skew.scan('arn:aws:'+aws_service+':'+aws_region+':*:'+skew_params.skew_resource+'/*'):
include=True
for key in skew_params.instances_filters.keys():
include = include and (i.data[key] == skew_params.instances_filters[key])
if not include:
continue # Skip to the next loop (instance)
i.data['Region'] = aws_region
_instances.append(i.data)
# All done
return _instances
def test_cloudformation_stacks(self):
placebo_cfg = {
'placebo': placebo,
'placebo_dir': self._get_response_path('stacks'),
'placebo_mode': 'playback'}
arn = scan('arn:aws:cloudformation:us-west-2:123456789012:stack/*',
**placebo_cfg)
l = list(arn)
self.assertEqual(len(l), 1)
stack_resource = l[0]
resources = list(stack_resource)
self.assertEqual(len(resources), 4)
def test_cloudformation_stacks(self):
placebo_cfg = {
'placebo': placebo,
'placebo_dir': self._get_response_path('stacks'),
'placebo_mode': 'playback'}
arn = scan('arn:aws:cloudformation:us-west-2:123456789012:stack/*',
**placebo_cfg)
l = list(arn)
self.assertEqual(len(l), 1)
stack_resource = l[0]
resources = list(stack_resource)
self.assertEqual(len(resources), 4)
def test_iam_user_filtering(self):
# Set up the HTTP mocking
host = 'https://iam.amazonaws.com/'
body = get_response_body('iam_user.xml')
httpretty.register_uri(httpretty.POST, host,
body=body,
status=200)
# Run the test
arn = scan('arn:aws:iam:us-east-1:123456789012:user/bar')
users = list(arn)
self.assertEqual(len(users), 1)
self.assertEqual(users[0].data['UserName'], 'bar')
self.assertEqual(users[0].name, 'bar')
def test_autoscale_group(self):
# Set up the HTTP mocking
host = 'https://autoscaling.us-east-1.amazonaws.com/'
body = get_response_body('autoscale_asg.xml')
httpretty.register_uri(httpretty.POST, host,
body=body,
status=200)
# Run the test
arn = scan('arn:aws:autoscaling:us-east-1:123456789012:autoScalingGroup/*')
asgs = list(arn)
self.assertEqual(len(asgs), 2)
self.assertEqual(asgs[0].data['AutoScalingGroupName'], 'foo')
self.assertEqual(asgs[1].data['AutoScalingGroupName'], 'bar')
def test_jmespath_query(self):
# Set up the HTTP mocking
host = 'https://ec2.us-east-1.amazonaws.com/'
body = get_response_body('one_instance.xml')
httpretty.register_uri(httpretty.POST, host,
body=body)
# Run the test
arn = scan('arn:aws:ec2:us-east-1:123456789012:instance/*|InstanceType')
# Fetch all Instance resources
instances = list(arn)
self.assertEqual(len(instances), 1)
# Check to see if filtered data is there
self.assertEqual(instances[0].filtered_data, 'c1.medium')
def test_ec2_keypairs(self):
placebo_cfg = {
'placebo': placebo,
'placebo_dir': self._get_response_path('keypairs'),
'placebo_mode': 'playback'}
arn = scan('arn:aws:ec2:us-west-2:123456789012:key-pair/*',
debug=True, **placebo_cfg)
l = list(arn)
self.assertEqual(len(l), 2)
self.assertEqual(l[0].id, 'admin')
self.assertEqual(l[1].id, 'FooBar')
self.assertEqual(
l[0].data['KeyFingerprint'],
"85:83:08:25:fa:96:45:ea:c9:15:04:12:af:45:3f:c0:ef:e8:b8:ce")
def _discover_service(self, service):
"""
Perform a skew scan of the passed service.
"""
resources = []
arn = skew.scan('arn:aws:{0}:*:*:*/*'.format(service))
for item in arn:
try:
resources.append(item)
except Exception as exc:
print("Error iterating resource item: %s" % str(exc))
pass
return resources
def test_cloudwatch_alarm(self):
# Set up the HTTP mocking
host = 'https://monitoring.us-east-1.amazonaws.com/'
body = get_response_body('cloudwatch_alarm.xml')
httpretty.register_uri(httpretty.POST, host,
body=body,
status=200)
# Run the test
arn = scan('arn:aws:cloudwatch:us-east-1:123456789012:alarm/*')
alarms = list(arn)
self.assertEqual(len(alarms), 2)
self.assertEqual(alarms[0].data['AlarmName'],
'UserLevel-ReadCapacityUnitsLimit-foo')
self.assertEqual(alarms[1].data['AlarmName'],
'UserLevel-WriteCapacityUnitsLimit-bar')
def test_rds_dbinstance(self):
# Set up the HTTP mocking
host = 'https://rds.amazonaws.com/'
body1 = get_response_body('rds_one_instance.xml')
body2 = get_response_body('rds_tags.xml')
httpretty.register_uri(httpretty.POST, host,
responses=[
httpretty.Response(body=body1, status=200),
httpretty.Response(body=body1, status=200),
httpretty.Response(body=body2, status=200),
])
# Run the test
arn = scan('arn:aws:rds:us-east-1:123456789012:db/*')
# Fetch all DB resources
dbs = list(arn)
self.assertEqual(len(dbs), 1)
# Fetch a single instance
arn = scan('arn:aws:rds:us-east-1:123456789012:db/foobar')
dbs = list(arn)
self.assertEqual(len(dbs), 1)
db = dbs[0]
# Fetch tags
self.assertEqual(db.tags['Allocation'], 'research')
self.assertEqual(db.tags['Name'], 'foobar')
def test_ec2_volume(self):
# Set up the HTTP mocking
host = 'https://ec2.us-east-1.amazonaws.com/'
body = get_response_body('ec2_volumes.xml')
httpretty.register_uri(httpretty.POST, host,
body=body,
status=200)
# Run the test
arn = scan('arn:aws:ec2:us-east-1:123456789012:volume/*')
vols = list(arn)
self.assertEqual(len(vols), 2)
self.assertEqual(vols[0].data['VolumeId'], 'vol-27d4da72')
self.assertEqual(vols[0].parent, 'i-734d643c')
self.assertEqual(vols[0].tags['Owner'], 'bob')
self.assertEqual(vols[1].data['Size'], 10)
self.assertEqual(vols[1].parent, None)
def index_aws(self, arn_pattern='arn:aws:*:*:*:*/*'):
all_services = set()
all_regions = set()
all_accounts = set()
new_index_name = self._index_name()
LOG.debug('using ARN: %s', arn_pattern)
i = 0
arn = skew.scan(arn_pattern)
for resource in arn:
_, _, service, region, acct_id, _ = str(resource).split(':', 5)
resource.data['service'] = service
resource.data['region'] = region
resource.data['account_id'] = acct_id
resource.data['arn'] = resource.arn
all_services.add(service)
all_regions.add(region)
all_accounts.add(acct_id)
self.es.index(new_index_name, doc_type=resource.resourcetype,
id=str(resource), body=resource.data)
i += 1
LOG.debug('indexed %s', resource.arn)
# Delete old indexes if they exist and create new aliases
if self.es.indices.exists(['skewer']):
self.es.indices.delete(['skewer'])
if self.es.indices.exists([new_index_name]):
self.es.indices.put_alias(index=[new_index_name],
name='skewer')
# Write updated metadata to ES
metadata = {
'services': list(all_services),
'regions': list(all_regions),
'accounts': list(all_accounts)}
self.es.index('skewer-meta', doc_type='skewermeta',
id='skewermeta', body=metadata)