def test_get_organizations(self): """Test that get_organizations() returns expected data. Setup: Create magic mock for execute_sql_with_fetch(). Create fake rows of org data. Expect: * get_organizations() call returns expected data: a list of Organizations. """ self.fetch_mock.return_value = self.fake_orgs_db_rows fake_query = select_data.ORGANIZATIONS.format(self.fake_timestamp) orgs = self.org_dao.get_organizations( self.resource_name, self.fake_timestamp) expected_orgs = [ organization.Organization( self.fake_orgs_db_rows[0]['org_id'], display_name=self.fake_orgs_db_rows[0]['display_name'], lifecycle_state=self.fake_orgs_db_rows[0]['lifecycle_state']), organization.Organization( self.fake_orgs_db_rows[1]['org_id'], display_name=self.fake_orgs_db_rows[1]['display_name'], lifecycle_state=self.fake_orgs_db_rows[1]['lifecycle_state']), ] self.assertEqual(expected_orgs, orgs)
def setUp(self, mock_org_dao, mock_folder_dao, mock_project_dao): mock_org_dao.return_value = None mock_folder_dao.return_value = None mock_project_dao.return_value = None self.org_res_rel_dao = org_resource_rel_dao.OrgResourceRelDao({}) # TODO: move this to separate module self.fake_org = organization.Organization( organization_id=1, display_name='Org 1') self.fake_folder1 = folder.Folder( folder_id=11, display_name='Folder 1', parent=self.fake_org) self.fake_folder2 = folder.Folder( folder_id=22, display_name='Folder 2', parent=self.fake_folder1) self.fake_project1 = project.Project( project_number=111, project_id='project-1', display_name='Project 1', parent=self.fake_folder2) self.fake_timestamp = '1234567890'
def get_org_iam_policies(self, resource_name, timestamp): """Get the organization policies. This does not raise any errors if there's a database or json parse error because we want to return as many organizations as possible. Args: resource_name (str): The resource name. timestamp (str): The timestamp of the snapshot. Returns: dict: A dict that maps organizations (gcp_type.organization.Organization) to their IAM policies (dict). """ org_iam_policies = {} query = select_data.ORG_IAM_POLICIES.format(timestamp) rows = self.execute_sql_with_fetch(resource_name, query, ()) for row in rows: try: org = organization.Organization(organization_id=row['org_id']) iam_policy = json.loads(row.get('iam_policy', {})) org_iam_policies[org] = iam_policy except ValueError: LOGGER.warn('Error parsing json:\n %s', row.get('iam_policy')) return org_iam_policies
def test_get_org_iam_policies(self): """Test that get_org_iam_policies() returns expected data. Setup: Create magic mock for execute_sql_with_fetch(). Create fake row of org data. Expect: * get_org_iam_policies() call returns expected data: a dict of Organizations and their IAM policies. """ org_id = self.fake_orgs_db_rows[0]['org_id'] iam_policy = { 'role': 'roles/something', 'members': ['user:[email protected]'] } fake_org_iam_policies = [ {'org_id': org_id, 'iam_policy': json.dumps(iam_policy)} ] self.fetch_mock.return_value = fake_org_iam_policies actual = self.org_dao.get_org_iam_policies( self.resource_name, self.fake_timestamp) org = organization.Organization(org_id) expected = { org: iam_policy } self.assertEqual(expected, actual)
def test_get_org_iam_policies_malformed_json_error_handled(self): """Test malformed json error is handled in get_org_iam_policies(). Setup: Create magic mock for execute_sql_with_fetch(). Expect: Log a warning and skip the row. """ self.fetch_mock.return_value = self.fake_orgs_bad_iam_db_rows organization_dao.LOGGER = mock.MagicMock() expected_org = organization.Organization( self.fake_orgs_bad_iam_db_rows[0]['org_id']) expected_iam = json.loads( self.fake_orgs_bad_iam_db_rows[0]['iam_policy']) expected = { expected_org: expected_iam } actual = self.org_dao.get_org_iam_policies( self.resource_name, self.fake_timestamp) self.assertEqual(1, organization_dao.LOGGER.warn.call_count) self.assertEqual(expected, actual)
def test_retrieve_error_logged_when_api_error(self, mock_logger): """Test that LOGGER.error() is called when there is an API error.""" self.mock_dao.get_organizations.return_value = [ organization.Organization( self.fake_id)] self.pipeline.api_client.get_org_iam_policies.side_effect = ( api_errors.ApiExecutionError('11111', mock.MagicMock())) results = self.pipeline._retrieve() self.assertEqual([], results) self.assertEqual(1, mock_logger.error.call_count)
def test_retrieve_error_logged_when_api_error(self): """Test that LOGGER.error() is called when there is an API error.""" self.mock_dao.get_organizations.return_value = [ organization.Organization(self.pipeline.configs['organization_id'])] self.pipeline.api_client.get_org_iam_policies.side_effect = ( api_errors.ApiExecutionError('11111', mock.MagicMock())) load_org_iam_policies_pipeline.LOGGER = mock.MagicMock() self.pipeline._retrieve() self.assertEqual( 1, load_org_iam_policies_pipeline.LOGGER.error.call_count)
def test_api_is_called_to_retrieve_org_policies(self): """Test that api is called to retrieve org policies.""" self.mock_dao.get_organizations.return_value = [ organization.Organization(self.pipeline.configs['organization_id'])] self.pipeline._retrieve() self.pipeline.api_client.get_org_iam_policies.assert_called_once_with( self.pipeline.RESOURCE_NAME, self.pipeline.configs['organization_id'])
def test_get_org_policies_works(self, mock_dao): """Test that get_org_policies() works.""" fake_policies = [{ organization.Organization('11111'): { 'role': 'roles/a', 'members': ['user:[email protected]', 'group:[email protected]'] } }] mock_dao.OrganizationDao({}).get_org_iam_policies.return_value = ( fake_policies) policies = self.scanner._get_org_iam_policies() self.assertEqual(fake_policies, policies)
def test_get_org_policies_works(self, mock_get_org_iam, mock_conn): """Test that get_org_policies() works.""" org_policies = [{ organization.Organization('11111'): { 'role': 'roles/a', 'members': ['user:[email protected]', 'group:[email protected]'] } }] mock_get_org_iam.return_value = org_policies actual = self.irs.IamPolicyScanner( self.fake_timestamp)._get_org_policies() mock_get_org_iam.assert_called_once_with('organizations', self.fake_timestamp) self.assertEqual(org_policies, actual)
def get_organizations(self, resource_name, timestamp): """Get organizations from snapshot table. Args: timestamp: The timestamp of the snapshot. Returns: A list of Organizations. """ query = select_data.ORGANIZATIONS.format(timestamp) rows = self.execute_sql_with_fetch(resource_name, query, ()) orgs = [] for row in rows: org = organization.Organization( organization_id=row['org_id'], display_name=row['display_name'], lifecycle_state=row['lifecycle_state']) orgs.append(org) return orgs
def get_organization(self, org_id, timestamp): """Get an organization from the database snapshot. Args: org_id (int): The Organization to retrieve. timestamp (str): The timestamp of the snapshot. Returns: Organization: An Organization from the database snapshot. Raises: MySQLError: If there was an error getting the organization. """ query = select_data.ORGANIZATION_BY_ID.format(timestamp) rows = self.execute_sql_with_fetch('organization', query, (org_id, )) if rows: return organization.Organization( organization_id=rows[0]['org_id'], display_name=rows[0]['display_name'], lifecycle_state=rows[0]['lifecycle_state']) return None
def test_get_organization(self): """Test that get_organization() returns expected data. Setup: Create magic mock for execute_sql_with_fetch(). Create fake row of org data. Expect: * get_organization() call returns expected data: a single Organization. """ fake_org = self.fake_orgs_db_rows[0] self.fetch_mock.return_value = [fake_org] org_id = fake_org['org_id'] org = self.org_dao.get_organization(org_id, self.fake_timestamp) expected_org = organization.Organization( fake_org['org_id'], display_name=fake_org['display_name'], lifecycle_state=fake_org['lifecycle_state']) self.assertEqual(expected_org, org)
def find_ancestors(self, resource_id, snapshot_timestamp=0): return [organization_type.Organization(organization_id=123456)]