def test_get_discovery_action_templates_regional_resource_regional_service(
    service_resource_ec2_vpc,
):
    """Check the first discovery template for an EC2 VPC in a single region.

    With ``eu-west-1`` as the only discovery region, the get and delete URN
    lists must each hold one VPC URN for that region with no account ID.
    """
    # NOTE(review): delete_urns presumably select the stored records that are
    # eligible for cleanup, so this pins the delete scope to the queried
    # region. Confirm against the storage connector.

    def expected_vpc_urn():
        # A fresh object per call, so the two expected lists share no state.
        return PartialUrn(
            cloud_name="aws",
            account_id=None,
            region="eu-west-1",
            service="ec2",
            resource_type="vpc",
            resource_id_parts=[],
        )

    templates = service_resource_ec2_vpc.get_discovery_action_templates(
        discovery_regions=["eu-west-1"]
    )

    assert templates[0].get_urns == [expected_vpc_urn()]
    assert templates[0].delete_urns == [expected_vpc_urn()]
def test_get_discovery_action_templates_regional_resource_global_service(
    service_resource_s3_bucket,
):
    """Check the first discovery template for an S3 bucket.

    The get URN is scoped to ``us-east-1`` and the delete URN carries the
    literal region ``"ALL_REGIONS"``, so the delete scope is wider than the
    get scope for this resource type.
    """
    # NOTE(review): "ALL_REGIONS" looks like a placeholder that is expanded to
    # concrete regions when the template is inflated. Confirm.

    def bucket_urn_in(region):
        return PartialUrn(
            cloud_name="aws",
            account_id=None,
            region=region,
            service="s3",
            resource_type="bucket",
            resource_id_parts=[],
        )

    templates = service_resource_s3_bucket.get_discovery_action_templates(
        discovery_regions=["us-east-1"]
    )

    assert templates[0].get_urns == [bucket_urn_in("us-east-1")]
    assert templates[0].delete_urns == [bucket_urn_in("ALL_REGIONS")]
def test_get_resource_discovery_actions_for_s3(
    aws_interface: CloudWandererAWSInterface, mock_action_set_s3
):
    """Check how an S3 template is turned into a concrete action set.

    The per-service template lookup is replaced with a mock that returns the
    S3 template. The single resulting ``ActionSet`` must get from
    ``us-east-1`` only and delete across ``us-east-1`` and ``eu-west-1``.
    The lookup must have been called with both regions as discovery regions.
    """

    def all_buckets_in(region):
        return PartialUrn(
            account_id="111111111111",
            region=region,
            service="s3",
            resource_type="bucket",
            resource_id_parts=["ALL"],
        )

    aws_interface._get_discovery_action_templates_for_service = MagicMock(
        return_value=[mock_action_set_s3]
    )

    result = aws_interface.get_resource_discovery_actions()

    assert len(result) == 1
    assert isinstance(result[0], ActionSet)
    assert result[0].get_urns == [all_buckets_in("us-east-1")]
    # The delete scope is deliberately wider than the get scope here.
    delete_regions = ["us-east-1", "eu-west-1"]
    assert result[0].delete_urns == [
        all_buckets_in(region) for region in delete_regions
    ]
    aws_interface._get_discovery_action_templates_for_service.assert_called_with(
        service=ANY,
        resource_types=[],
        discovery_regions=["us-east-1", "eu-west-1"],
    )
def mock_action_set_vpc():
    """Build a template action set covering all EC2 VPCs in two regions.

    Both the get and the delete lists hold one URN for ``eu-west-1`` followed
    by one for ``us-east-1``, with ``"ALL"`` as account ID and resource ID.
    """
    regions = ("eu-west-1", "us-east-1")

    def all_vpcs_in(region):
        return PartialUrn(
            account_id="ALL",
            region=region,
            service="ec2",
            resource_type="vpc",
            resource_id_parts=["ALL"],
        )

    # The two lists are built separately so they never share URN objects.
    return TemplateActionSet(
        get_urns=[all_vpcs_in(region) for region in regions],
        delete_urns=[all_vpcs_in(region) for region in regions],
    )
def test_template_action_set_inflate_regions():
    """Check that inflating a template expands the ALL_REGIONS delete URN.

    The template gets S3 buckets from ``us-east-1`` and deletes with the
    ``ALL_REGIONS`` placeholder. After ``inflate`` with two regions and an
    account ID, the get list stays at one region and the delete list has one
    URN per supplied region, all carrying the supplied account ID.
    """

    def bucket_urn(account_id, region):
        return PartialUrn(
            cloud_name="aws",
            account_id=account_id,
            region=region,
            service="s3",
            resource_type="bucket",
            resource_id_parts=[],
        )

    template = TemplateActionSet(
        get_urns=[bucket_urn("ALL", "us-east-1")],
        delete_urns=[
            bucket_urn("ALL", TemplateActionSetRegionValues.ALL_REGIONS.name)
        ],
    )

    inflated = template.inflate(
        regions=["us-east-1", "eu-west-1"], account_id="111111"
    )

    expected = ActionSet(
        get_urns=[bucket_urn("111111", "us-east-1")],
        delete_urns=[
            bucket_urn("111111", region)
            for region in ("us-east-1", "eu-west-1")
        ],
    )
    assert inflated == expected
def test_non_string_id_parts():
    """Check that a non-string resource ID part is rejected at construction.

    Building a ``PartialUrn`` whose ``resource_id_parts`` holds the integer
    ``1`` must raise ``ValueError``.
    """
    urn_fields = {
        "account_id": "1",
        "region": "region",
        "service": "service",
        "resource_type": "resource_type",
        "resource_id_parts": [1],  # an int, not a str: the invalid input
    }
    with pytest.raises(ValueError):
        PartialUrn(**urn_fields)
def iam_instance_profile():
    """Build an IAM instance profile resource with one inbound relationship.

    The resource has empty data and no dependent resources. Its only
    relationship points inbound at the IAM role ``test-role``, whose account
    ID is the literal string ``"unknown"``.
    """
    profile_urn = URN(
        account_id="111111111111",
        region="us-east-1",
        service="iam",
        resource_type="instance_profile",
        resource_id_parts=["my-test-profile"],
    )
    # NOTE(review): "unknown" presumably marks an account ID that could not
    # be determined for the related resource. Confirm against PartialUrn.
    role_link = Relationship(
        partial_urn=PartialUrn(
            cloud_name="aws",
            account_id="unknown",
            region="us-east-1",
            service="iam",
            resource_type="role",
            resource_id_parts=["test-role"],
        ),
        direction=RelationshipDirection.INBOUND,
    )
    return CloudWandererResource(
        urn=profile_urn,
        resource_data={},
        dependent_resource_urns=[],
        relationships=[role_link],
    )
def get_inferred_ec2_instances(cloudwanderer_boto3_session):
    """Build the expected resources for every EC2 instance in the session.

    Each instance becomes a ``CloudWandererResource`` whose data is the
    instance's ``meta.data`` and whose single inbound relationship points at
    the first VPC the session returns. The account ID and region are the
    hard-coded values below, not values read from the session.
    """
    vpcs = list(cloudwanderer_boto3_session.resource("ec2").vpcs.all())

    expected_resources = []
    for instance in cloudwanderer_boto3_session.resource("ec2").instances.all():
        instance_urn = URN(
            account_id="111111111111",
            region="eu-west-2",
            service="ec2",
            resource_type="instance",
            resource_id_parts=[instance.instance_id],
        )
        instance_data = instance.meta.data
        # vpcs[0] is read per instance, so an empty VPC list only raises
        # when there is at least one instance to describe.
        vpc_link = Relationship(
            partial_urn=PartialUrn(
                cloud_name="aws",
                account_id="unknown",
                region="eu-west-2",
                service="ec2",
                resource_type="vpc",
                resource_id_parts=[vpcs[0].vpc_id],
            ),
            direction=RelationshipDirection.INBOUND,
        )
        expected_resources.append(
            CloudWandererResource(
                urn=instance_urn,
                resource_data=instance_data,
                relationships=[vpc_link],
            )
        )
    return expected_resources
def cloud_wanderer() -> CloudWanderer:
    """Build a ``CloudWanderer`` wired to a mocked storage and cloud interface.

    The cloud interface mock returns one action set covering all EC2 VPCs in
    ``eu-west-1`` and one discovered VPC, ``vpc-11111111``, with a fixed
    discovery time.
    """
    vpc_scope = {
        "cloud_name": "aws",
        "account_id": "111111111111",
        "region": "eu-west-1",
        "service": "ec2",
        "resource_type": "vpc",
    }

    discovery_actions = [
        ActionSet(
            get_urns=[PartialUrn(**vpc_scope, resource_id_parts=["ALL"])],
            delete_urns=[PartialUrn(**vpc_scope, resource_id_parts=["ALL"])],
        )
    ]
    discovered_resources = [
        CloudWandererResource(
            URN(**vpc_scope, resource_id_parts=["vpc-11111111"]),
            resource_data={},
            discovery_time=datetime.datetime(
                1986, 1, 1, tzinfo=datetime.timezone.utc
            ),
        )
    ]

    mock_storage_connector = MagicMock()
    # spec_set makes the mock reject any attribute the real interface lacks,
    # so a call to a non-existent method fails instead of passing silently.
    mock_cloud_interface = MagicMock(spec_set=CloudWandererAWSInterface)
    mock_cloud_interface.get_resource_discovery_actions.return_value = (
        discovery_actions
    )
    mock_cloud_interface.get_resources.return_value = discovered_resources

    return CloudWanderer(
        storage_connectors=[mock_storage_connector],
        cloud_interface=mock_cloud_interface,
    )
def partial_urn():
    """Build a ``PartialUrn`` whose region is the literal ``"unknown"``."""
    urn_fields = {
        "account_id": "111111111111",
        "region": "unknown",
        "service": "service",
        "resource_type": "resource_type",
        "resource_id_parts": ["id"],
    }
    return PartialUrn(**urn_fields)
def test_is_not_partial():
    """Check that a ``PartialUrn`` with every field given is not partial."""
    fully_specified = PartialUrn(
        account_id="1",
        region="region",
        service="service",
        resource_type="resource_type",
        resource_id_parts=["id"],
    )
    assert not fully_specified.is_partial
def mock_action_set_s3():
    """Build a template action set for S3 buckets.

    The get URN is scoped to ``us-east-1``. The delete URN uses the
    ``ALL_REGIONS`` placeholder name as its region, so the delete scope is
    broader than the get scope.
    """

    def all_buckets_in(region):
        return PartialUrn(
            account_id="ALL",
            region=region,
            service="s3",
            resource_type="bucket",
            resource_id_parts=["ALL"],
        )

    every_region = TemplateActionSetRegionValues.ALL_REGIONS.name
    return TemplateActionSet(
        get_urns=[all_buckets_in("us-east-1")],
        delete_urns=[all_buckets_in(every_region)],
    )
def mock_action_set_role():
    """Build a template action set for IAM roles in ``us-east-1``.

    The get and delete lists each hold one URN with ``"ALL"`` as the account
    ID and as the resource ID.
    """

    def all_roles():
        # Called once per list so get and delete never share a URN object.
        return PartialUrn(
            account_id="ALL",
            region="us-east-1",
            service="iam",
            resource_type="role",
            resource_id_parts=["ALL"],
        )

    return TemplateActionSet(get_urns=[all_roles()], delete_urns=[all_roles()])
def test_relationships(service_resource_ec2_vpc):
    """Check the relationships reported for the EC2 VPC fixture.

    The VPC must report exactly one outbound relationship, to the DHCP
    options set ``dopt-mock`` in ``eu-west-1``, with the account ID given as
    the literal ``"unknown"``.
    """
    found = service_resource_ec2_vpc.relationships

    dhcp_options_link = Relationship(
        partial_urn=PartialUrn(
            cloud_name="aws",
            account_id="unknown",
            region="eu-west-1",
            service="ec2",
            resource_type="dhcp_options",
            resource_id_parts=["dopt-mock"],
        ),
        direction=RelationshipDirection.OUTBOUND,
    )
    assert found == [dhcp_options_link]
def test_relationships_arn(service_resource_lambda_function):
    """Check the relationships reported for the Lambda function fixture.

    The function must report exactly one outbound relationship, to version
    ``2`` of the layer ``test-layer``. Here the related URN carries a
    concrete account ID and a two-part resource ID.
    """
    # NOTE(review): the test name suggests these fields are parsed from an
    # ARN on the function. Confirm against the fixture data.
    found = service_resource_lambda_function.relationships

    layer_version_link = Relationship(
        partial_urn=PartialUrn(
            cloud_name="aws",
            account_id="111111111111",
            region="eu-west-1",
            service="lambda",
            resource_type="layer_version",
            resource_id_parts=["test-layer", "2"],
        ),
        direction=RelationshipDirection.OUTBOUND,
    )
    assert found == [layer_version_link]
def test_dependent_resources_reference(service_resource_ec2_route):
    """Check the discovery template for the EC2 route fixture.

    The first template must have no get URNs and exactly one delete URN,
    for routes in ``us-east-1``.
    """
    # NOTE(review): the empty get list presumably reflects that routes are
    # discovered through their parent resource rather than directly. Confirm.
    templates = service_resource_ec2_route.get_discovery_action_templates(
        discovery_regions=["us-east-1"]
    )

    expected_delete_urn = PartialUrn(
        cloud_name="aws",
        account_id=None,
        region="us-east-1",
        service="ec2",
        resource_type="route",
        resource_id_parts=[],
    )
    assert templates[0].get_urns == []
    assert templates[0].delete_urns == [expected_delete_urn]
def test_dependent_resources_subresource(service_resource_iam_role_policy):
    """Check the discovery template for the IAM role policy fixture.

    The first template must have no get URNs and exactly one delete URN,
    for role policies in ``us-east-1``.
    """
    # NOTE(review): the empty get list presumably reflects that role policies
    # are discovered through their parent role rather than directly. Confirm.
    templates = service_resource_iam_role_policy.get_discovery_action_templates(
        discovery_regions=["us-east-1"]
    )

    expected_delete_urn = PartialUrn(
        cloud_name="aws",
        account_id=None,
        region="us-east-1",
        service="iam",
        resource_type="role_policy",
        resource_id_parts=[],
    )
    assert templates[0].get_urns == []
    assert templates[0].delete_urns == [expected_delete_urn]
def test_get_resource_discovery_actions(aws_interface, s3_cleanup_actions):
    """Check the discovery actions produced for S3 buckets in one region.

    When ``us-east-1`` is the only requested region, the first action set
    must get buckets from ``us-east-1`` alone. Its delete list must still
    contain every URN supplied by the ``s3_cleanup_actions`` fixture.
    """
    bucket_type = ServiceResourceType(service="s3", resource_type="bucket")
    action_sets = aws_interface.get_resource_discovery_actions(
        regions=["us-east-1"], service_resource_types=[bucket_type]
    )
    result = action_sets[0]

    expected_get_urn = PartialUrn(
        cloud_name="aws",
        account_id="123456789012",
        region="us-east-1",
        service="s3",
        resource_type="bucket",
        resource_id_parts=[],
    )
    assert result.get_urns == [expected_get_urn]

    # A containment check, not equality: extra delete URNs are tolerated,
    # but a missing one fails on the first absent region.
    for cleanup_urn in s3_cleanup_actions:
        assert cleanup_urn in result.delete_urns
def test_template_action_set_inflate():
    """Check that inflating a template fills in the account ID.

    The template names ``eu-west-1`` and ``us-east-1`` explicitly in both
    lists. Inflating with only ``eu-west-1`` must keep both regions and
    replace the ``"ALL"`` account ID with the supplied one. Explicitly named
    regions are therefore not filtered by the ``regions`` argument.
    """
    template_regions = ("eu-west-1", "us-east-1")

    def vpc_urn(account_id, region):
        return PartialUrn(
            cloud_name="aws",
            account_id=account_id,
            region=region,
            service="ec2",
            resource_type="vpc",
            resource_id_parts=[],
        )

    template = TemplateActionSet(
        get_urns=[vpc_urn("ALL", region) for region in template_regions],
        delete_urns=[vpc_urn("ALL", region) for region in template_regions],
    )

    inflated = template.inflate(regions=["eu-west-1"], account_id="111111")

    expected = ActionSet(
        get_urns=[vpc_urn("111111", region) for region in template_regions],
        delete_urns=[vpc_urn("111111", region) for region in template_regions],
    )
    assert inflated == expected
def s3_cleanup_actions():
    """Build the S3 bucket URNs expected in a delete list, one per region.

    Returns 23 ``PartialUrn`` objects for account ``123456789012``, in the
    region order listed below, each with an empty resource ID.
    """
    regions = (
        "af-south-1",
        "ap-northeast-1",
        "ap-northeast-2",
        "ap-northeast-3",
        "ap-south-1",
        "ap-southeast-1",
        "ap-southeast-2",
        "ca-central-1",
        "eu-central-1",
        "eu-north-1",
        "eu-south-1",
        "eu-west-1",
        "eu-west-2",
        "eu-west-3",
        "sa-east-1",
        "us-east-1",
        "us-east-2",
        "us-west-1",
        "us-west-2",
        "us-gov-east-1",
        "us-gov-west-1",
        "cn-north-1",
        "cn-northwest-1",
    )
    return [
        PartialUrn(
            cloud_name="aws",
            account_id="123456789012",
            region=region,
            service="s3",
            resource_type="bucket",
            resource_id_parts=[],
        )
        for region in regions
    ]
def default_test_discovery_actions():
    """Build the default action sets used by the tests.

    Returns three ``ActionSet`` objects for account ``123456789012``: EC2
    VPCs in ``eu-west-2`` and ``us-east-1``, S3 buckets in ``us-east-1`` and
    IAM roles in ``us-east-1``. In each set the delete list matches the get
    list.
    """

    def everything_of(service, resource_type, region):
        return PartialUrn(
            cloud_name="aws",
            account_id="123456789012",
            region=region,
            service=service,
            resource_type=resource_type,
            resource_id_parts=["ALL"],
        )

    vpc_regions = ("eu-west-2", "us-east-1")

    ec2_actions = ActionSet(
        get_urns=[everything_of("ec2", "vpc", region) for region in vpc_regions],
        delete_urns=[
            everything_of("ec2", "vpc", region) for region in vpc_regions
        ],
    )
    # S3
    s3_actions = ActionSet(
        get_urns=[everything_of("s3", "bucket", "us-east-1")],
        delete_urns=[everything_of("s3", "bucket", "us-east-1")],
    )
    # IAM
    iam_actions = ActionSet(
        get_urns=[everything_of("iam", "role", "us-east-1")],
        delete_urns=[everything_of("iam", "role", "us-east-1")],
    )
    return [ec2_actions, s3_actions, iam_actions]