示例#1
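    def test_access_by_authz_with_role(self, forseti_cli: ForsetiCli,
                                       forseti_model_readonly,
                                       forseti_server_service_account,
                                       project_id):
        """Test access_by_authz with role includes Forseti project id.

        Queries the explainer for 'roles/storage.objectCreator' and checks
        that the command succeeds and that its output names both the scanned
        project and the Forseti server service account.

        Args:
            forseti_cli (ForsetiCli): Instance of the forseti cli helper
            forseti_model_readonly (Tuple): Model name & process result
            forseti_server_service_account (str): Server service account email
            project_id (str): Project id being scanned
        """
        # Arrange
        model_name, _, _ = forseti_model_readonly
        forseti_cli.model_use(model_name=model_name)

        # Act
        result = forseti_cli.explainer_access_by_authz(
            role='roles/storage.objectCreator')
        output = str(result.stdout)

        # Assert
        assert result.returncode == 0, f'Forseti stdout: {output}'
        # The identifiers are data, not patterns, so compare them as literal
        # substrings. Interpolated into a regex unescaped, the dots in a
        # service account email match any character, which would let the
        # assertion pass on a different principal than the one expected.
        assert project_id in output
        assert f'serviceaccount/{forseti_server_service_account}' in output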
示例#2
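    def test_access_by_authz_with_permission(self, forseti_cli: ForsetiCli,
                                             forseti_model_readonly,
                                             project_id):
        """Test access_by_authz with permission includes Forseti project id.

        Queries the explainer for the 'iam.serviceAccounts.get' permission and
        checks that the command succeeds and that its output contains a
        "resource" entry for the scanned project and a "role" entry for
        'roles/editor'.

        Args:
            forseti_cli (ForsetiCli): Instance of the forseti cli helper
            forseti_model_readonly (Tuple): Model name & process result
            project_id (str): Project id being scanned
        """
        # Arrange
        model_name, _, _ = forseti_model_readonly
        forseti_cli.model_use(model_name=model_name)

        # Act
        result = forseti_cli.explainer_access_by_authz(
            permission='iam.serviceAccounts.get')
        output = str(result.stdout)

        # Assert
        assert result.returncode == 0, f'Forseti stdout: {output}'
        # `\s+` (one or more whitespace characters) replaces the character
        # class `[\s+]`, which matched a single whitespace character or a
        # literal '+'. The project id is escaped so that any regex
        # metacharacter in it is matched literally and cannot widen the match
        # to a different resource.
        resource_pattern = (
            rf'"resource":\s+"project/{re.escape(project_id)}"')
        role_pattern = r'"role":\s+"roles/editor"'
        assert re.search(resource_pattern, output)
        assert re.search(role_pattern, output)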