def test_delete(self):
    """Deleting every persisted user through the queryset empties the UserModel table."""
    timestamp = datetime.now()
    role = RoleModel.objects.create(
        id=RoleModel.MASTER_ID,
        role_name="test_role",
        created_at=timestamp,
        updated_at=timestamp,
    )
    tenant = TenantModel.objects.create(
        tenant_name="test_tenant",
        created_at=timestamp,
        updated_at=timestamp,
    )
    user = UserModel(
        email="test_email",
        name="test_name",
        password="******",
        tenant=tenant,
        role=role,
        created_at=timestamp,
        updated_at=timestamp,
    )
    user.save()
    # Delete via the queryset, not the instance, so the whole table is covered.
    UserModel.objects.all().all().delete()
    remaining = UserModel.objects.all()
    self.assertEqual(remaining.count(), 0)
def save_aws_environment(self, request_user: UserModel,
                         aws_environment: AwsEnvironmentModel):
    """Validate, persist and register an AWS environment for its tenant.

    Args:
        request_user: User performing the save; must belong to the
            environment's tenant and hold the AWS-control permission.
        aws_environment: Environment to persist.

    Returns:
        The saved ``aws_environment``.

    Raises:
        PermissionDenied: If ``request_user`` is outside the tenant or
            lacks ``can_control_aws``.
    """
    self.logger.info("START: save_aws_environment")
    tenant = aws_environment.tenant
    if not request_user.is_belong_to_tenant(tenant):
        raise PermissionDenied(
            "request user can't save aws_environments. user_id:{} tenant_id: {}"
            .format(request_user.id, tenant.id))
    if not request_user.can_control_aws():
        raise PermissionDenied(
            "request user can't save aws_environments. id:{}".format(
                request_user.id))
    # Validate the account/role pair before anything is written, so an
    # environment that fails validation is never persisted.
    Iam(aws_environment, None).validate_role(
        aws_environment.aws_account_id, aws_environment.aws_role)
    aws_environment.save()
    # Attach the new environment to the tenant's scheduler user.
    scheduler = UserModel.get_scheduler(tenant)
    scheduler.aws_environments.add(aws_environment)
    scheduler.save()
    self.logger.info("END: save_aws_environment")
    return aws_environment
def test_delete_protect_role(self):
    """Deleting a role still referenced by a user raises ProtectedError and keeps the user."""
    timestamp = datetime.now()
    role = RoleModel.objects.create(
        id=RoleModel.MASTER_ID,
        role_name="test_role",
        created_at=timestamp,
        updated_at=timestamp,
    )
    tenant = TenantModel.objects.create(
        tenant_name="test_tenant",
        created_at=timestamp,
        updated_at=timestamp,
    )
    UserModel(
        email="test_email",
        name="test_name",
        password="******",
        tenant=tenant,
        role=role,
        created_at=timestamp,
        updated_at=timestamp,
    ).save()
    # Precondition: exactly one user was persisted.
    self.assertEqual(UserModel.objects.all().count(), 1)
    # The ORM must refuse to delete the role while the user points at it.
    with self.assertRaises(ProtectedError):
        role.delete()
    # ...and the user row must be untouched afterwards.
    self.assertEqual(UserModel.objects.all().count(), 1)
def test_update(self):
    """Changing a persisted user's email and saving is visible on re-query."""
    timestamp = datetime.now()
    role = RoleModel.objects.create(
        id=RoleModel.MASTER_ID,
        role_name="test_role",
        created_at=timestamp,
        updated_at=timestamp,
    )
    tenant = TenantModel.objects.create(
        tenant_name="test_tenant",
        created_at=timestamp,
        updated_at=timestamp,
    )
    UserModel(
        email="test_email",
        name="test_name",
        password="******",
        tenant=tenant,
        role=role,
        created_at=timestamp,
        updated_at=timestamp,
    ).save()
    # Re-load from the database rather than reusing the in-memory instance.
    stored = UserModel.objects.all()[0]
    stored.email = "updated_email"
    stored.save()
    refetched = UserModel.objects.get(email="updated_email")
    self.assertEqual(refetched.email, "updated_email")
def _create_user_model(email, name, password, tenant, role):
    """Build, persist and return a UserModel stamped with the current time.

    ``password`` is handed to the UserModel constructor as-is; any hashing
    is up to the model, not this helper.
    """
    stamp = datetime.now()
    fields = dict(
        email=email,
        name=name,
        password=password,
        tenant=tenant,
        role=role,
        created_at=stamp,
        updated_at=stamp,
    )
    created = UserModel(**fields)
    created.save()
    return created
def delete_aws_environment(self, request_user: UserModel,
                           aws_environment: AwsEnvironmentModel):
    """Delete an AWS environment on behalf of an authorized tenant user.

    Raises:
        PermissionDenied: If ``request_user`` is outside the environment's
            tenant or lacks ``can_control_aws``.
    """
    self.logger.info("START: delete_aws_environment")
    tenant = aws_environment.tenant
    if not request_user.is_belong_to_tenant(tenant):
        raise PermissionDenied(
            "request user can't delete aws_environments. user_id:{} tenant_id: {}".
            format(request_user.id, tenant.id))
    if not request_user.can_control_aws():
        raise PermissionDenied(
            "request user can't delete aws_environments. id:{}".format(
                request_user.id))
    aws_environment.delete()
    self.logger.info("END: delete_aws_environment")
def fetch_destinations(self, request_user: UserModel, tenant: TenantModel):
    """Return the notification destinations registered for ``tenant``.

    Raises:
        PermissionDenied: If ``request_user`` lacks the notification-control
            permission or does not belong to ``tenant``.
    """
    self.logger.info("START: fetch_destinations")
    if not request_user.can_control_notification():
        raise PermissionDenied
    if not request_user.is_belong_to_tenant(tenant):
        raise PermissionDenied(
            "request user doesn't belong to tenant. user_id:{}, tenant_id: {}"
            .format(request_user.id, tenant.id))
    # NOTE(review): sibling use cases query via ``<Model>.objects``; this
    # calls ``NotificationDestinationModel.all()`` directly — confirm that
    # classmethod exists, otherwise this raises AttributeError at runtime.
    destinations = NotificationDestinationModel.all().filter(tenant=tenant)
    self.logger.info("END: fetch_destinations")
    return destinations
def delete_schedule(self, request_user: UserModel, tenant: TenantModel,
                    aws_environment: AwsEnvironmentModel, event_id: int):
    """Delete the scheduled event ``event_id`` for an authorized user.

    Raises:
        PermissionDenied: If ``request_user`` is outside ``tenant`` or has
            no access to ``aws_environment``.
    """
    self.logger.info("START: delete")
    if not request_user.is_belong_to_tenant(tenant):
        raise PermissionDenied(
            "request user is not belong to tenant. user_id:{} tenant_id:{}"
            .format(request_user.id, tenant.id))
    if not request_user.has_aws_env(aws_environment):
        raise PermissionDenied(
            "request user doesn't have aws environments. id:{}".format(
                request_user.id))
    # NOTE(review): the checks above authorize the tenant/environment, but
    # ``event_id`` itself is not tied to either here — confirm that
    # EventRepository.delete scopes the event to ``aws_environment``.
    EventRepository.delete(event_id)
    self.logger.info("END: delete")
def fetch_aws_environments(self, request_user: UserModel, tenant: TenantModel):
    """Return the AWS environments belonging to ``tenant``.

    Raises:
        PermissionDenied: If ``request_user`` is outside ``tenant`` or lacks
            ``can_control_aws``.
    """
    self.logger.info("START: fetch_aws_environments")
    if not request_user.is_belong_to_tenant(tenant):
        raise PermissionDenied(
            "request user can't fetch aws_environments. user_id:{} tenant_id: {}".
            format(request_user.id, tenant.id))
    if not request_user.can_control_aws():
        raise PermissionDenied(
            "request user can't fetch aws_environments. id:{}".format(
                request_user.id))
    environments = AwsEnvironmentModel.objects.filter(tenant_id=tenant.id)
    self.logger.info("END: fetch_aws_environments")
    return environments
def billing_graph(self, request_user: UserModel, aws: AwsEnvironmentModel,
                  start_time, end_time, period, stat):
    """Return per-service EstimatedCharges time series for an AWS account.

    Args:
        request_user: Must have access to ``aws`` and ``can_fetch_billing``.
        aws: The AWS environment whose billing metrics are read.
        start_time, end_time, period, stat: Passed through to CloudWatch.

    Returns:
        A list of ``dict(service=..., timestamps=..., values=...)``; the
        account-wide total is reported under the service name ``Total``.

    Raises:
        PermissionDenied: On a failed access or billing-permission check.
    """
    self.logger.info("START: graph")
    if not request_user.has_aws_env(aws):
        raise PermissionDenied(
            "request user can't use aws account. user_id: {}, aws_id: {}".
            format(request_user.id, aws.id))
    if not request_user.can_fetch_billing():
        raise PermissionDenied(
            "request user can't fetch aws_environments. id:{}".format(
                request_user.id))
    # The region is pinned to us-east-1, where AWS publishes AWS/Billing.
    billing_region = 'us-east-1'
    metrics = CloudWatch(aws, billing_region).list_metrics(
        'AWS/Billing', 'EstimatedCharges', [])
    # TODO: key these queries by service (a dict) instead of a flat list.
    queries = [
        dict(metric_name=metric['MetricName'],
             dimensions=metric['Dimensions'])
        for metric in metrics
    ]
    monitor_graphs = CloudWatch(aws, billing_region).get_multi_charts(
        name_space='AWS/Billing',
        period=period,
        stat=stat,
        start_time=start_time,
        end_time=end_time,
        metric_data_queries=queries,
    )
    self.logger.info("END: graph")

    def service_of(dimensions):
        # The total series carries no ServiceName dimension (only the USD
        # currency dimension), so it is labelled "Total".
        for dimension in dimensions:
            if dimension['Name'] == 'ServiceName':
                return dimension['Value']
        return 'Total'

    return [
        dict(service=service_of(graph['config']['dimensions']),
             timestamps=graph['timestamps'],
             values=graph['values'])
        for graph in monitor_graphs
    ]
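def delete_user(self, request_user: UserModel, user: UserModel):
    """Delete ``user`` on behalf of an authorized member of its tenant.

    Raises:
        PermissionDenied: If ``request_user`` is outside ``user``'s tenant
            or ``can_delete_user`` denies the operation.
    """
    self.logger.info("START: delete_user")
    tenant = user.tenant
    if not request_user.is_belong_to_tenant(tenant):
        # Message fixed: this is the delete path, not a fetch.
        raise PermissionDenied(
            "request user can't delete user. user_id:{} tenant_id: {}".
            format(request_user.id, tenant.id))
    if not request_user.can_delete_user(user):
        raise PermissionDenied(
            "request user can't delete user. id:{}".format(
                request_user.id))
    user.delete()
    self.logger.info("END: delete_user")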
def fetch_schedules(self, request_user: UserModel, tenant: TenantModel,
                    aws_environment: AwsEnvironmentModel, resource: Resource):
    """Return the schedules registered for ``resource`` in ``aws_environment``.

    Raises:
        PermissionDenied: If ``request_user`` is outside ``tenant`` or has
            no access to ``aws_environment``.
    """
    self.logger.info("START: fetch_schedules")
    if not request_user.is_belong_to_tenant(tenant):
        raise PermissionDenied(
            "request user is not belong to tenant. user_id:{} tenant_id:{}"
            .format(request_user.id, tenant.id))
    if not request_user.has_aws_env(aws_environment):
        raise PermissionDenied(
            "request user doesn't have aws environments. id:{}".format(
                request_user.id))
    # The repository lookup is scoped by environment, not just by resource.
    schedules = EventRepository.fetch_schedules_by_resource(
        resource, aws_environment)
    self.logger.info("END: fetch_schedules")
    return schedules
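def fetch_logs(self, request_user: UserModel, tenant: TenantModel):
    """Return operation logs for ``tenant``, narrowed by the caller's role.

    A user who can control other users sees every log in the tenant;
    anyone else sees only the logs they executed themselves.

    Raises:
        PermissionDenied: If ``request_user`` does not belong to ``tenant``.
    """
    self.logger.info("START: fetch_logs")
    if not request_user.is_belong_to_tenant(tenant):
        # Message fixed: this use case fetches logs, not AWS environments.
        raise PermissionDenied(
            "request user can't fetch logs. user_id:{} tenant_id: {}".
            format(request_user.id, tenant.id))
    if request_user.can_control_other_user():
        # Tenant-wide view for user administrators.
        logs = OperationLogModel.objects.filter(tenant=tenant)
    else:
        # Everyone else only sees what they executed.
        logs = OperationLogModel.objects.filter(
            tenant=tenant, executor=request_user)
    self.logger.info("END: fetch_logs")
    return logs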
def delete_group(self, request_user: UserModel, group: NotificationGroupModel):
    """Delete a notification group for an authorized tenant user.

    Raises:
        PermissionDenied: If ``request_user`` lacks the notification-control
            permission or does not belong to the group's tenant.
    """
    self.logger.info("START: delete_group")
    if not request_user.can_control_notification():
        raise PermissionDenied
    tenant = group.tenant
    if not request_user.is_belong_to_tenant(tenant):
        raise PermissionDenied(
            "request user doesn't belong to tenant. user_id:{}, tenant_id: {}"
            .format(request_user.id, tenant.id))
    # Delete the group itself.
    group.delete()
    self.logger.info("END: delete_group")
def delete_destination(self, request_user: UserModel,
                       destination: NotificationDestinationModel):
    """Delete a notification destination for an authorized tenant user.

    Raises:
        PermissionDenied: If ``request_user`` lacks the notification-control
            permission or does not belong to the destination's tenant.
    """
    self.logger.info("START: delete_destination")
    if not request_user.can_control_notification():
        raise PermissionDenied
    tenant = destination.tenant
    if not request_user.is_belong_to_tenant(tenant):
        raise PermissionDenied(
            "request user doesn't belong to tenant. user_id:{}, tenant_id: {}"
            .format(request_user.id, tenant.id))
    # Delete the destination itself.
    destination.delete()
    self.logger.info("END: delete_destination")
def test_update_user_no_user(self, use_case: mock.Mock):
    """PUT against a non-existent tenant/user id answers 404 without running the use case."""
    # Authenticate as Company1's user.
    api_client = APIClient()
    api_client.force_authenticate(
        user=UserModel.objects.get(email="test_email"))
    # Assemble an otherwise valid update payload for Company1's user.
    target = UserModel.objects.get(email="test_email_USER")
    aws_ids = [
        environment.id
        for environment in AwsEnvironmentModel.objects.filter(
            tenant=target.tenant)
    ]
    payload = {
        "email": "*****@*****.**",
        "name": "putman",
        "password": "******",
        "role": RoleModel.USER_ID,
        "aws_environments": aws_ids,
    }
    update_user = use_case.return_value.update_user
    update_user.return_value = UserModel(id=100)
    # -100/-100 cannot match any real tenant or user id.
    response = api_client.put(
        path=self.api_path_in_tenant.format(-100, -100) + "/",
        data=payload,
        format='json')
    update_user.assert_not_called()
    self.assertEqual(response.status_code, 404)
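def test_create_tenant_master(self, tenant_serializer, user_serializer, usecase):
    """A MASTER user can POST a new tenant plus its first user and gets 201.

    The use case and both serializers are patched, so only the view's
    authorization and status code are exercised. The dead first assignment
    to ``create_tenant.return_value`` (real model instances that were
    immediately overwritten by mocks) has been removed.
    """
    # Authenticate as the MASTER user.
    api_client = APIClient()
    api_client.force_authenticate(
        user=UserModel.objects.get(email="master_email"))
    # Request body: the tenant to create and its initial user.
    data = dict(
        tenant=dict(tenant_name='test_tenant', email='*****@*****.**',
                    tel='03-1234-1234'),
        user=dict(name="test_user", email="*****@*****.**"),
    )
    usecase.return_value.create_tenant.return_value = (
        mock.Mock(spec=TenantModel), mock.Mock(spec=UserModel))
    tenant_serializer.return_value.data = "TEST"
    user_serializer.return_value.data = "TEST"
    response = api_client.post(
        self.api_path_in_tenant, data=data, format='json')
    self.assertEqual(response.status_code, 201)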
def stop_resource(self, request_user: UserModel,
                  aws_environment: AwsEnvironmentModel, resource: Resource):
    """Stop ``resource`` inside ``aws_environment`` for an authorized user.

    Raises:
        PermissionDenied: If ``request_user`` is outside the environment's
            tenant or has no access to the environment.
    """
    self.logger.info("START: stop_resource")
    tenant = aws_environment.tenant
    if not request_user.is_belong_to_tenant(tenant):
        raise PermissionDenied(
            "request user is not belong to tenant. user_id:{} tenant_id:{}"
            .format(request_user.id, tenant.id))
    if not request_user.has_aws_env(aws_environment):
        raise PermissionDenied(
            "request user doesn't have aws environments. id:{}".format(
                request_user.id))
    resource.stop(aws_environment)
    self.logger.info("END: stop_resource")
def run_command(self, request_user: UserModel,
                aws_environment: AwsEnvironmentModel, command: Command):
    """Run ``command`` against ``aws_environment`` and return it.

    Raises:
        PermissionDenied: If ``request_user`` is outside the environment's
            tenant or has no access to the environment.
    """
    self.logger.info("START: run_command")
    tenant = aws_environment.tenant
    if not request_user.is_belong_to_tenant(tenant):
        raise PermissionDenied(
            "request user is not belong to tenant. user_id:{} tenant_id:{}"
            .format(request_user.id, tenant.id))
    if not request_user.has_aws_env(aws_environment):
        raise PermissionDenied(
            "request user doesn't have aws environments. id:{}".format(
                request_user.id))
    command.run(aws_environment)
    self.logger.info("END: run_command")
    return command
def fetch_users(self, request_user: UserModel, tenant: TenantModel):
    """Return the users of ``tenant``, excluding the scheduler account.

    Raises:
        PermissionDenied: If ``request_user`` is outside ``tenant`` or
            lacks ``can_control_other_user``.
    """
    self.logger.info("START: fetch_users")
    if not request_user.is_belong_to_tenant(tenant):
        raise PermissionDenied(
            "request user can't fetch users. user_id:{} tenant_id: {}".
            format(request_user.id, tenant.id))
    if not request_user.can_control_other_user():
        raise PermissionDenied(
            "request user can't fetch users. id:{}".format(
                request_user.id))
    # The scheduler is an internal role and must not show up in listings.
    queryset = UserModel.objects.filter(tenant=tenant).exclude(
        role_id=RoleModel.SCHEDULER_ID)
    users = list(queryset)
    self.logger.info("END: fetch_users")
    return users
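def delete_tenant(self, request_user: UserModel, tenant: TenantModel):
    """Delete ``tenant`` for a user holding the tenant-control role.

    Raises:
        InvalidRoleException: If ``request_user`` lacks ``can_control_tenant``.
    """
    self.logger.info("START: delete_tenant")
    if not request_user.can_control_tenant():
        # Message fixed: this is the delete path, not tenant creation.
        raise InvalidRoleException(
            "request user can't delete tenant. id:{}".format(
                request_user.id))
    tenant.delete()
    self.logger.info("END: delete_tenant")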
def create_backup(self, request_user: UserModel,
                  aws_environment: AwsEnvironmentModel, resource: Resource,
                  no_reboot: bool):
    """Create a backup of ``resource`` and return the backup identifier.

    Args:
        no_reboot: Forwarded to ``resource.create_backup``.

    Raises:
        PermissionDenied: If ``request_user`` is outside the environment's
            tenant or has no access to the environment.
    """
    self.logger.info("START: create_backup")
    tenant = aws_environment.tenant
    if not request_user.is_belong_to_tenant(tenant):
        raise PermissionDenied(
            "request user is not belong to tenant. user_id:{} tenant_id:{}"
            .format(request_user.id, tenant.id))
    if not request_user.has_aws_env(aws_environment):
        raise PermissionDenied(
            "request user doesn't have aws environments. id:{}".format(
                request_user.id))
    backup_id = resource.create_backup(aws_environment, no_reboot=no_reboot)
    self.logger.info("END: create_backup")
    return backup_id
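def reset_password(self, user: UserModel):
    """Reset ``user``'s password and mail the new one via SES.

    The new password is persisted before the mail is sent; if sending
    fails the reset has already taken effect and InvalidEmailException
    is raised with the SES ClientError chained as its cause.

    Returns:
        The updated ``user``.

    Raises:
        InvalidEmailException: If SES rejects the send.
    """
    self.logger.info("START: reset password")
    new_password = user.reset_password()
    user.save()
    try:
        self.logger.info("START: Send mail by SES.")
        self.logger.info("using address. {}".format(settings.SES_ADDRESS))
        ses = Ses(settings.SES_ADDRESS, settings.SES_ADDRESS)
        # Only the address is logged; the password itself is never written to the log.
        ses.send_password_reset_mail(user.email, new_password)
        self.logger.info("END: Send mail by SES.")
    except ClientError as e:
        self.logger.exception(e)
        # Chain the cause so the SES error is not lost from the traceback.
        raise InvalidEmailException from e
    self.logger.info("END: reset password")
    return user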
def describe_document(self, request_user: UserModel,
                      aws_environment: AwsEnvironmentModel, region: str,
                      document_name: str):
    """Return the SSM document ``document_name`` from ``region``.

    Raises:
        PermissionDenied: If ``request_user`` is outside the environment's
            tenant or has no access to the environment.
    """
    self.logger.info("START: describe_document")
    tenant = aws_environment.tenant
    if not request_user.is_belong_to_tenant(tenant):
        raise PermissionDenied(
            "request user is not belong to tenant. user_id:{} tenant_id:{}"
            .format(request_user.id, tenant.id))
    if not request_user.has_aws_env(aws_environment):
        raise PermissionDenied(
            "request user doesn't have aws environments. id:{}".format(
                request_user.id))
    document = Ssm(aws_environment=aws_environment,
                   region=region).describe_document(document_name)
    self.logger.info("END: describe_document")
    return document
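def fetch_tenants(self, request_user: UserModel):
    """Return every tenant as a list, for a user holding the tenant-control role.

    Raises:
        InvalidRoleException: If ``request_user`` lacks ``can_control_tenant``.
    """
    self.logger.info("START: fetch_tenants")
    if not request_user.can_control_tenant():
        # Message fixed: this use case lists tenants, it does not create one.
        raise InvalidRoleException(
            "request user can't fetch tenants. id:{}".format(
                request_user.id))
    tenants = list(TenantModel.objects.all())
    self.logger.info("END: fetch_tenants")
    return tenants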
def fetch_documents(self, request_user: UserModel,
                    aws_environment: AwsEnvironmentModel, region: str):
    """Return all SSM documents in ``region``, flattened into one list.

    Raises:
        PermissionDenied: If ``request_user`` is outside the environment's
            tenant or has no access to the environment.
    """
    self.logger.info("START: fetch_documents")
    tenant = aws_environment.tenant
    if not request_user.is_belong_to_tenant(tenant):
        raise PermissionDenied(
            "request user is not belong to tenant. user_id:{} tenant_id:{}"
            .format(request_user.id, tenant.id))
    if not request_user.has_aws_env(aws_environment):
        raise PermissionDenied(
            "request user doesn't have aws environments. id:{}".format(
                request_user.id))
    ssm = Ssm(aws_environment=aws_environment, region=region)
    # list_documents yields one page at a time; flatten the pages.
    documents = []
    for page in ssm.list_documents():
        documents.extend(page)
    self.logger.info("END: fetch_documents")
    return documents
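def create_user(self, request_user: UserModel, user: UserModel,
                aws_envs: AwsEnvironmentModel, password: str):
    """Create ``user`` with ``password`` and assign it ``aws_envs``.

    Args:
        request_user: Must belong to ``user``'s tenant, be allowed to save
            that user, and be allowed to control the given environments.
        user: Unsaved user to create.
        aws_envs: Environments to assign to the new user.
        password: Plaintext password; hashed by ``user.set_password``.

    Returns:
        The saved ``user``.

    Raises:
        PermissionDenied: On any failed authorization check. Note that the
            user row is already saved when the environment assignment is
            refused.
        InvalidPasswordException: If ``set_password`` rejects the password.
    """
    self.logger.info("START: create_user")
    tenant = user.tenant
    if not request_user.is_belong_to_tenant(tenant):
        raise PermissionDenied(
            "request user can't fetch users. user_id:{} tenant_id: {}".
            format(request_user.id, tenant.id))
    # Does the caller's role allow creating a user of this kind?
    if not request_user.can_save_user(user):
        raise PermissionDenied(
            "request user can't create user. id:{}".format(
                request_user.id))
    # Hash and store the password. The rejected plaintext must not be
    # echoed into the exception message (it ends up in logs/responses).
    if not user.set_password(password):
        raise InvalidPasswordException(
            "invalid password. request user id:{}".format(request_user.id))
    user.save()
    # Assign the AWS environments to the new user.
    if not request_user.realignment_aws_environments(user, aws_envs):
        raise PermissionDenied(
            "request user can't control aws environments. id:{}".format(
                request_user.id))
    self.logger.info("END: create_user")
    return user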
def fetch_resources(self, request_user: UserModel,
                    aws_environment: AwsEnvironmentModel, region: str) -> list:
    """Return the tagged resources in ``region`` with their alarm status attached.

    The CloudWatch status map is fetched lazily, once, on the first
    non-empty page of tagging results. A resource without an alarm entry
    gets the status ``"UNSET"``.

    Raises:
        PermissionDenied: If ``request_user`` is outside the environment's
            tenant or has no access to the environment.
    """
    self.logger.info("START: fetch resources")
    tenant = aws_environment.tenant
    if not request_user.is_belong_to_tenant(tenant):
        raise PermissionDenied(
            "request user is not belong to tenant. user_id:{} tenant_id:{}"
            .format(request_user.id, tenant.id))
    if not request_user.has_aws_env(aws_environment):
        raise PermissionDenied(
            "request user doesn't have aws environments. id:{}".format(
                request_user.id))
    tagging = ResourceGroupTagging(aws_environment=aws_environment,
                                   region=region)
    self.logger.info("ResourceGroupTagging Client Created.")
    resources = []
    status_map = None
    for page in tagging.get_resources(Resource.get_all_services()):
        self.logger.info("got resource tags")
        if status_map is None and page:
            status_map = CloudWatch(
                aws_environment=aws_environment,
                region=region).get_resources_status()
            self.logger.info("got cloudwatch alarms")
        for item in page:
            self.logger.info("resource tag convert response")
            # NOTE(review): indexing by service name raises KeyError if the
            # status map lacks that service — confirm get_resources_status
            # always returns every service in Resource.get_all_services().
            per_service = status_map[item.get_service_name()]
            # No alarm recorded for this resource means "not configured".
            item.status = per_service.get(item.resource_id, "UNSET")
            resources.append(item)
    self.logger.info("END: fetch resources")
    return resources
def fetch_monitors(self, request_user: UserModel, aws: AwsEnvironmentModel,
                   resource: Resource):
    """Return the CloudWatch monitors configured for ``resource`` in ``aws``.

    Raises:
        PermissionDenied: If ``request_user`` has no access to ``aws``.
    """
    self.logger.info("START: fetch_monitors")
    # Only the environment-access check is made here (no explicit tenant
    # membership check as in the other use cases); this assumes has_aws_env
    # already implies tenant membership — confirm.
    if not request_user.has_aws_env(aws):
        raise PermissionDenied(
            "request user can't use aws account. user_id: {}, aws_id: {}".
            format(request_user.id, aws.id))
    cloudwatch = CloudWatch(aws, resource.region)
    monitors = cloudwatch.describe_resource_monitors(resource)
    self.logger.info("END: fetch_monitors")
    return monitors
def graph(self, request_user: UserModel, resource: Resource,
          aws: AwsEnvironmentModel, monitor_graph: MonitorGraph):
    """Fill ``monitor_graph`` with CloudWatch data for ``resource`` and return it.

    Raises:
        PermissionDenied: If ``request_user`` has no access to ``aws``.
        ObjectDoesNotExist: If the requested metric is not one the resource
            type exposes.
    """
    self.logger.info("START: graph")
    if not request_user.has_aws_env(aws):
        raise PermissionDenied(
            "request user can't use aws account. user_id: {}, aws_id: {}".
            format(request_user.id, aws.id))
    # Reject metrics the resource type does not publish before calling AWS.
    if monitor_graph.metric_name not in resource.get_metrics():
        raise ObjectDoesNotExist(
            "service doesn't have metric service_type: {} metric: {}".
            format(resource.get_service_name(), monitor_graph.metric_name))
    cloudwatch = CloudWatch(aws, resource.region)
    chart = cloudwatch.get_chart(monitor_graph, resource)
    self.logger.info("END: graph")
    return chart