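def test_make_kms_key(self, mock_boto):
        """Check that the ``make_kms_key`` action creates a tagged key and its alias.

        ``mock_boto`` is supplied from outside this view (presumably a
        ``mock.patch`` decorator on the boto3 client factory; confirm). Its
        return value is a stub whose ``create_key`` reports key id ``12345``.
        The ``ARN_PREFIX`` override is applied with ``mock.patch.dict`` so the
        previous environment is restored when the call returns and the value
        cannot leak into other tests.
        """
        mock_client = mock.Mock()
        mock_client.create_key.return_value = {
            'KeyMetadata': {
                'KeyId': '12345'
            }
        }
        mock_boto.return_value = mock_client

        event = {
            "action": "make_kms_key",
            "key_project": "WQP-EXTERNAL",
            "key_stage": "TEST"
        }
        # NOTE(review): "None" sits where the account id belongs in the ARN;
        # it looks like a stringified missing account id. Confirm it is the
        # intended fixture value.
        with mock.patch.dict(os.environ, {'ARN_PREFIX': "arn:aws:iam::None"}):
            handler.troubleshoot(event, self.context)

        # assert_called_once_with is an exact match, so this also pins that
        # create_key receives no Policy argument. NOTE(review): the key policy
        # is presumably applied by a separate step; this test does not show it.
        mock_client.create_key.assert_called_once_with(
            Description='IOW WQP-EXTERNAL TEST key',
            KeyUsage='ENCRYPT_DECRYPT',
            Origin='AWS_KMS',
            Tags=[{
                'TagKey': 'wma:organization',
                'TagValue': 'IOW'
            }])
        # The alias must point at the key id returned by the create_key stub.
        mock_client.create_alias.assert_called_once_with(
            AliasName='alias/IOW-WQP-EXTERNAL-TEST', TargetKeyId='12345')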
 def test_change_secret_kms_key(self, mock_boto):
     """Check that ``change_secret_kms_key`` re-keys the named secret.

     The event carries the secret id and the new KMS key id; the test pins
     that both reach ``update_secret`` unchanged.
     """
     event = {
         "action": "change_secret_kms_key",
         "new_kms_key": "my_kms_key_id",
         "secret_id": "my_secret_id",
     }
     handler.troubleshoot(event, self.context)

     # NOTE(review): the assertion is made on mock_boto itself, not on
     # mock_boto.return_value as the sibling tests do. That is only right if
     # the (unseen) patch target is the client object rather than a client
     # factory. Confirm against the decorator.
     expected_kwargs = {'SecretId': 'my_secret_id', 'KmsKeyId': 'my_kms_key_id'}
     mock_boto.update_secret.assert_called_once_with(**expected_kwargs)
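    def test_purge_queue(self, mock_boto):
        """Check that the ``purge_queues`` action issues two purge calls.

        ``AWS_DEPLOYMENT_REGION`` is overridden with ``mock.patch.dict`` so the
        previous environment is restored after the handler call and the value
        does not leak into other tests.
        """
        mock_client = mock.MagicMock()
        mock_client.purge_queue.return_value = None
        mock_boto.return_value = mock_client

        with mock.patch.dict(os.environ, {'AWS_DEPLOYMENT_REGION': 'us-west-2'}):
            handler.troubleshoot({"action": "purge_queues"}, self.context)

        # Only the number of purges is pinned; the arguments (which queues are
        # purged) are not checked here. NOTE(review): since a purge discards
        # messages, consider also asserting the queue identifiers once the
        # handler's expected values are confirmed.
        self.assertEqual(mock_client.purge_queue.call_count, 2)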
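 def test_troubleshoot_start(self, mock_boto):
     """Check that ``start_capture_db`` starts the stopped TEST cluster.

     The describe stub reports one cluster, renamed to ``DB['TEST']`` and
     marked ``stopped``; the handler is then expected to describe clusters
     once and start ``nwcapture-test``. ``STAGE`` is overridden with
     ``mock.patch.dict`` so the previous environment is restored afterwards.
     The describe stub is configured once, after the fixture is edited; the
     original assigned the same object twice.
     """
     stage = 'TEST'
     mock_client = mock.Mock()

     # NOTE(review): this edits self.mock_db_clusters in place; if that
     # fixture is shared across tests (not visible here) the changes persist.
     my_mock_db_clusters = self.mock_db_clusters
     first_cluster = my_mock_db_clusters['DBClusters'][0]
     first_cluster['DBClusterIdentifier'] = DB[stage]
     first_cluster['Status'] = 'stopped'

     mock_client.describe_db_clusters.return_value = my_mock_db_clusters
     # The start stub returns a one-element set holding the cluster name.
     mock_client.start_db_cluster.return_value = {DB[stage]}
     mock_boto.return_value = mock_client

     with mock.patch.dict(os.environ, {'STAGE': stage}):
         handler.troubleshoot({"action": "start_capture_db"}, self.context)

     mock_client.describe_db_clusters.assert_called_once()
     # The literal pins the identifier the handler must use for the TEST stage.
     mock_client.start_db_cluster.assert_called_once_with(DBClusterIdentifier='nwcapture-test')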
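 def test_create_create_security_group(self, mock_boto, mock_resource):
     """Check that ``create_fargate_security_group`` forwards its event fields.

     The description, group name and VPC id from the event must reach
     ``create_security_group`` unchanged. ``mock_resource`` is accepted but
     not used in this test. ``AWS_DEPLOYMENT_REGION`` is overridden with
     ``mock.patch.dict`` so the previous environment is restored afterwards.
     """
     mock_client = mock.Mock()
     mock_client.create_security_group.return_value = {'GroupId': 'f12345'}
     mock_boto.return_value = mock_client

     event = {
         "action": "create_fargate_security_group",
         "description": "test security group",
         "group_name": "my group",
         "vpc_id": "fsa12345"
     }
     with mock.patch.dict(os.environ, {'AWS_DEPLOYMENT_REGION': 'us-west-2'}):
         handler.troubleshoot(event, self.context)

     # Only the group creation call is pinned. Because mock_client is a plain
     # Mock, any further calls the handler makes on it (for example to attach
     # ingress or egress rules) succeed silently and are not checked here.
     mock_client.create_security_group.assert_called_once_with(
         Description='test security group',
         GroupName='my group',
         VpcId='fsa12345')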
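    def test_change_kms_key_policy(self, mock_boto):
        """Check the exact key policy that ``change_kms_key_policy`` installs.

        ``ACCOUNT_ID`` is overridden with ``mock.patch.dict`` so the previous
        environment is restored afterwards; the expected policy embeds that
        account id in every principal ARN.
        """
        mock_client = mock.Mock()
        mock_client.put_key_policy.return_value = {
            'KeyMetadata': {
                'KeyId': '12345'
            }
        }
        mock_boto.return_value = mock_client

        with mock.patch.dict(os.environ, {'ACCOUNT_ID': 'my_account_id'}):
            handler.troubleshoot(
                {"action": "change_kms_key_policy", "key_id": "key123"},
                self.context)

        # The policy is compared as one exact JSON string, so any change in
        # key order or spacing in the handler's serialization fails the test.
        #
        # What the pinned policy grants: the account root gets kms:*; Ec2-Role
        # appears in the key-administrator statement, the key-use statement
        # and the grant statement, so one role can both manage and use the key.
        # NOTE(review): confirm that combining administration and use on
        # Ec2-Role is intended rather than an inherited console default.
        expected_policy = '{"Version": "2012-10-17", "Id": "key-consolepolicy-3", "Statement": [{"Sid": "Enable IAM User Permissions", "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::my_account_id:root"}, "Action": "kms:*", "Resource": "*"}, {"Sid": "Allow access for Key Administrators", "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::my_account_id:role/Ec2-Role"}, "Action": ["kms:Create*", "kms:Describe*", "kms:Enable*", "kms:List*", "kms:Put*", "kms:Update*", "kms:Revoke*", "kms:Disable*", "kms:Get*", "kms:Delete*", "kms:TagResource", "kms:UntagResource", "kms:ScheduleKeyDeletion", "kms:CancelKeyDeletion"], "Resource": "*"}, {"Sid": "Allow use of the key", "Effect": "Allow", "Principal": {"AWS": ["arn:aws:iam::my_account_id:role/adfs-developers", "arn:aws:iam::my_account_id:role/adfs-app-operations", "arn:aws:iam::my_account_id:role/Ec2-Role"]}, "Action": ["kms:Encrypt", "kms:Decrypt", "kms:ReEncrypt*", "kms:GenerateDataKey*", "kms:DescribeKey"], "Resource": "*"}, {"Sid": "Allow attachment of persistent resources", "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::my_account_id:role/Ec2-Role"}, "Action": ["kms:CreateGrant", "kms:ListGrants", "kms:RevokeGrant"], "Resource": "*", "Condition": {"Bool": {"kms:GrantIsForAWSResource": "true"}}}]}'
        mock_client.put_key_policy.assert_called_once_with(
            KeyId='key123', PolicyName='default',
            Policy=expected_policy
        )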
    def test_create_efs_access_point(self, mock_boto):
        """Check the arguments ``create_access_point`` passes to the EFS client.

        NOTE(review): another method with this same name follows in the
        listing. If both live in one class, the later definition replaces
        this one and this test never runs.
        """
        efs_stub = mock.Mock()
        efs_stub.create_access_point.return_value = {
            'AccessPointId': 'mynewaccesspointid',
        }
        mock_boto.return_value = efs_stub

        event = {"action": "create_access_point", "file_system_id": "my_file_system_id"}
        handler.troubleshoot(event, self.context)

        expected_tags = [
            {'Key': 'wma:organization', 'Value': 'IOW'},
            {'Key': 'Name', 'Value': 'iow-geoserver-test'},
        ]
        # Every request through the access point is mapped to uid/gid 1001.
        expected_posix_user = {'Uid': 1001, 'Gid': 1001, 'SecondaryGids': []}
        # '0777' makes /data readable, writable and traversable by any POSIX
        # user. NOTE(review): the owner is already 1001:1001, so confirm the
        # world-writable mode is required rather than a narrower one.
        expected_root = {
            'Path': '/data',
            'CreationInfo': {'OwnerUid': 1001, 'OwnerGid': 1001, 'Permissions': '0777'},
        }
        efs_stub.create_access_point.assert_called_once_with(
            ClientToken='iow-geoserver-test',
            Tags=expected_tags,
            FileSystemId='my_file_system_id',
            PosixUser=expected_posix_user,
            RootDirectory=expected_root,
        )
    def test_create_efs_access_point(self, mock_purge):
        """Check that the ``purge_queues`` action issues two purge calls.

        NOTE(review): the name says EFS access point but the body exercises
        ``purge_queues``. If a same-named method precedes this one in the same
        class, this definition replaces it and the earlier test silently
        stops running. Confirm and rename.
        """
        event = {"action": "purge_queues"}
        handler.troubleshoot(event, self.context)

        # Counted on the injected mock itself, not on a return_value stub.
        purge_calls = mock_purge.purge_queue.call_count
        self.assertEqual(purge_calls, 2)
 def test_troubleshoot_start_bad_actions(self, mock_rds):
     """Check that a missing or unrecognised action makes the handler raise.

     ``mock_rds`` is accepted but not used in this test.
     """
     # assertRaises(Exception) accepts any exception type, so it passes for a
     # deliberate rejection and for an incidental error (KeyError, TypeError)
     # alike. NOTE(review): pin the specific exception the handler raises for
     # unknown actions once that type is confirmed.
     for bad_event in ({}, {"action": "unknown"}):
         with self.assertRaises(Exception):
             handler.troubleshoot(bad_event, self.context)