def test_org_cache():
MockOrganization().simple()
org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
org._load_client()
org._load_org()
org._load_accounts()
org._load_org_units()
org._save_cached_org_to_file()
assert os.path.exists(org._cache_file)
org.clear_cache()
assert not os.path.exists(org._cache_file)
assert not os.path.exists(org._cache_dir)
#os.remove(org._cache_file)
with pytest.raises(RuntimeError) as e:
loaded_dump = org._get_cached_org_from_file()
assert str(e.value) == 'Cache file not found'
org._save_cached_org_to_file()
timestamp = os.path.getmtime(org._cache_file) - 3600
os.utime(org._cache_file,(timestamp,timestamp))
with pytest.raises(RuntimeError) as e:
loaded_dump = org._get_cached_org_from_file()
assert str(e.value) == 'Cache file too old'
org._save_cached_org_to_file()
org_dump = org.dump()
loaded_dump = org._get_cached_org_from_file()
assert loaded_dump == org_dump
org_from_cache = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
org_from_cache._load_org_dump(loaded_dump)
assert org.dump() == org_from_cache.dump()
def test_org_cache():
org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
org_id, root_id = build_mock_org(SIMPLE_ORG_SPEC)
org._load_client()
org._load_org()
org._load_accounts()
org._load_org_units()
org._save_cached_org_to_file()
assert os.path.exists(org._cache_file)
os.remove(org._cache_file)
with pytest.raises(RuntimeError) as e:
loaded_dump = org._get_cached_org_from_file()
assert str(e.value) == 'Cache file not found'
org._save_cached_org_to_file()
timestamp = os.path.getmtime(org._cache_file) - 3600
os.utime(org._cache_file,(timestamp,timestamp))
with pytest.raises(RuntimeError) as e:
loaded_dump = org._get_cached_org_from_file()
assert str(e.value) == 'Cache file too old'
org._save_cached_org_to_file()
org_dump = org.dump()
loaded_dump = org._get_cached_org_from_file()
assert loaded_dump == org_dump
org_from_cache = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
org_from_cache._load_org_dump(loaded_dump)
assert org.dump() == org_from_cache.dump()
def test_load():
mock_org = MockOrganization()
mock_org.simple()
org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
org.clear_cache()
assert not os.path.exists(org._cache_dir)
assert not os.path.exists(org._cache_file)
org.load()
assert os.path.exists(org._cache_file)
assert org.id == mock_org.org_id
assert org.root_id == mock_org.root_id
assert len(org.accounts) == 3
assert len(org.org_units) == 6
assert len(org.policies) == 3
for ou in org.org_units:
for policy_id in ou.attached_policy_ids:
assert policy_id in [p.id for p in org.policies]
for account in org.accounts:
for policy_id in account.attached_policy_ids:
assert policy_id in [p.id for p in org.policies]
for policy in org.policies:
for target in policy.targets:
if target['Type'] == 'ROOT':
assert target['TargetId'] == mock_org.root_id
elif target['Type'] == 'ORGANIZATIONAL_UNIT':
assert target['TargetId'] in [ou.id for ou in org.org_units]
elif target['Type'] == 'ACCOUNT':
assert target['TargetId'] in [a.id for a in org.accounts]
org_from_cache = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
org_from_cache.load()
assert org.dump() == org_from_cache.dump()
org.clear_cache()
def test_get_or_update_accounts():
MockOrganization().complex()
org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
org.load()
crawler = crawlers.Crawler(org)
assert crawler.get_accounts() == crawler.accounts
crawler.update_accounts('account01')
assert len(crawler.accounts) == 1
assert isinstance(crawler.accounts[0], orgs.OrgAccount)
assert crawler.accounts[0].name == 'account01'
crawler.update_accounts(['account01', 'account02'])
assert len(crawler.accounts) == 2
assert isinstance(crawler.accounts[0], orgs.OrgAccount)
assert isinstance(crawler.accounts[1], orgs.OrgAccount)
assert crawler.accounts[0].name == 'account01'
assert crawler.accounts[1].name == 'account02'
crawler.update_accounts('ALL')
assert crawler.accounts == crawler.org.accounts
crawler.update_accounts([])
assert len(crawler.accounts) == 0
crawler.update_accounts(None)
assert len(crawler.accounts) == 0
crawler.update_accounts(None)
with pytest.raises(ValueError) as e:
crawler.update_accounts('')
with pytest.raises(ValueError) as e:
crawler.update_accounts(1234)
with pytest.raises(ValueError) as e:
crawler.update_accounts(dict())
def test_load_org():
org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
client = org._get_org_client()
client.create_organization(FeatureSet='ALL')
org._load_client()
org._load_org()
assert org.id is not None
assert org.root_id is not None
def build_mock_org(spec):
org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
client = org._get_org_client()
client.create_organization(FeatureSet='ALL')
org_id = client.describe_organization()['Organization']['Id']
root_id = client.list_roots()['Roots'][0]['Id']
mock_org_from_spec(client, root_id, root_id, yaml.load(spec)['root'])
return (org_id, root_id)
def test_get_policy_id_by_name():
MockOrganization().complex()
org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
org.load()
policy_id = org.get_policy_id_by_name('policy01')
assert isinstance(policy_id, str)
assert policy_id == org.get_policy('policy01').id
assert org.get_policy_id_by_name('BLEE') is None
org.clear_cache()
def test_load_org_units():
org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
org_id, root_id = build_mock_org(SIMPLE_ORG_SPEC)
org._load_client()
org._load_org()
org._load_org_units()
assert len(org.org_units) == 6
for ou in org.org_units:
assert isinstance(ou, orgs.OrganizationalUnit)
def test_load_policies():
MockOrganization().simple()
org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
org._load_client()
org._load_org()
org._load_policies()
assert len(org.policies) == 3
for policy in org.policies:
assert isinstance(policy, orgs.OrgPolicy)
def test_load_accounts():
org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
org_id, root_id = build_mock_org(SIMPLE_ORG_SPEC)
org._load_client()
org._load_org()
org._load_accounts()
assert len(org.accounts) == 3
assert isinstance(org.accounts[0], orgs.OrgAccount)
assert org.accounts[0].parent_id == org.root_id
def test_load_accounts():
MockOrganization().simple()
org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
org._load_client()
org._load_org()
org._load_accounts()
assert len(org.accounts) == 3
assert isinstance(org.accounts[0], orgs.OrgAccount)
assert org.accounts[0].parent_id == org.root_id
def test_load_org_units():
MockOrganization().simple()
org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
org._load_client()
org._load_org()
org._load_org_units()
assert len(org.org_units) == 6
for ou in org.org_units:
assert isinstance(ou, orgs.OrganizationalUnit)
def test_load():
org_id, root_id = build_mock_org(SIMPLE_ORG_SPEC)
org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
clean_up()
assert not os.path.exists(org._cache_dir)
assert not os.path.exists(org._cache_file)
org.load()
print(org._cache_file)
assert os.path.exists(org._cache_file)
assert org.id == org_id
assert org.root_id == root_id
assert len(org.accounts) == 3
assert len(org.org_units) == 6
org_from_cache = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
org_from_cache.load()
assert org.dump() == org_from_cache.dump()
clean_up()
def test_jsonfmt():
account = orgs.OrgAccount(
orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE),
name='account01',
id='112233445566',
email='*****@*****.**',
)
output = orgquery.jsonfmt(account)
assert isinstance(output, str)
def test_get_org_unit_id():
org_id, root_id = build_mock_org(SIMPLE_ORG_SPEC)
org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
org.load()
ou = org.org_units[0]
assert ou.id == org.get_org_unit_id(ou)
assert ou.id == org.get_org_unit_id(ou.id)
assert ou.id == org.get_org_unit_id(ou.name)
clean_up()
def test_handle_nexttoken_and_retries():
def mock_function_set_next_token(**kwargs):
if not kwargs.get('NextToken'):
return {'mock-key': ['1st-pass'], 'NextToken': 'mock-token-str'}
else:
return {'mock-key': ['2nd-pass']}
def mock_function_raise_client_error(error_code):
raise ClientError(
{
'Error': {
'Code': error_code
},
},
'mock_function',
)
def mock_function_raise_value_error():
raise ValueError('this is a value error')
org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
collector = utils.handle_nexttoken_and_retries(
obj=org,
collector_key='mock-key',
function=mock_function_set_next_token,
kwargs=dict(),
)
assert collector == ['1st-pass', '2nd-pass']
exception_name = 'TooManyRequestsException'
with pytest.raises(ClientError) as e:
collector = utils.handle_nexttoken_and_retries(
obj=org,
collector_key='mock-key',
function=mock_function_raise_client_error,
kwargs=dict(error_code=exception_name),
)
assert e.value.response['Error']['Code'] == exception_name
exception_name = 'SomeOtherException'
with pytest.raises(ClientError) as e:
collector = utils.handle_nexttoken_and_retries(
obj=org,
collector_key='mock-key',
function=mock_function_raise_client_error,
kwargs=dict(error_code=exception_name),
)
assert e.value.response['Error']['Code'] == exception_name
with pytest.raises(ValueError) as e:
collector = utils.handle_nexttoken_and_retries(
obj=org,
collector_key='mock-key',
function=mock_function_raise_value_error,
kwargs=dict(),
)
def test_get_account():
MockOrganization().simple()
org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
org.load()
account = org.get_account('account01')
assert isinstance(account, orgs.OrgAccount)
assert org.get_account(account) == account
assert account.name == 'account01'
assert account.id == org.get_account_id_by_name('account01')
org.clear_cache()
def test_get_account_id_by_name():
MockOrganization().simple()
org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
org.load()
account_id = org.get_account_id_by_name('account01')
accounts_by_boto_client = org.client.list_accounts()['Accounts']
assert account_id == next((
a['Id'] for a in accounts_by_boto_client if a['Name'] == 'account01'
), None)
org.clear_cache()
def test_crawler_execution_init():
org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
org_id, root_id = build_mock_org(SIMPLE_ORG_SPEC)
org.load()
execution = crawlers.CrawlerExecution(get_account_alias)
assert isfunction(execution.payload)
assert execution.name == 'get_account_alias'
assert execution.responses == []
assert isinstance(execution.timer, crawlers.CrawlerTimer)
assert isinstance(execution.dump(), dict)
def test_get_org_unit_id():
MockOrganization().simple()
org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
org.load()
ou = org.org_units[0]
assert ou.id == org.get_org_unit_id(ou)
assert ou.id == org.get_org_unit_id(ou.id)
assert ou.id == org.get_org_unit_id(ou.name)
assert org.get_org_unit_id('Blee') is None
org.clear_cache()
def test_list_policies_by_name():
MockOrganization().complex()
org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
org.load()
response = org.list_policies_by_name()
print(response)
assert len(response) == 6
for name in response:
assert name.startswith('policy')
org.clear_cache()
def test_load_account_credentials():
MockOrganization().complex()
org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
org.load()
crawler = crawlers.Crawler(org)
crawler.load_account_credentials()
assert isinstance(crawler.accounts, list)
assert len(crawler.accounts) == len(org.accounts)
for account in crawler.accounts:
assert isinstance(account.credentials, dict)
def test_get_account_id_by_name():
org_id, root_id = build_mock_org(SIMPLE_ORG_SPEC)
org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
org.load()
account_id = org.get_account_id_by_name('account01')
accounts_by_boto_client = org._client.list_accounts()['Accounts']
assert account_id == next((
a['Id'] for a in accounts_by_boto_client if a['Name'] == 'account01'
), None)
clean_up()
def test_get_account():
org_id, root_id = build_mock_org(SIMPLE_ORG_SPEC)
org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
org.load()
account = org.get_account('account01')
assert isinstance(account, orgs.OrgAccount)
assert org.get_account(account) == account
assert account.name == 'account01'
assert account.id == org.get_account_id_by_name('account01')
clean_up()
def test_crawler_response_init():
MockOrganization().simple()
org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
org.load()
response = crawlers.CrawlerResponse('us-east-1', org.accounts[0])
assert response.region == 'us-east-1'
assert isinstance(response.account, orgs.OrgAccount)
assert response.payload_output is None
assert isinstance(response.timer, crawlers.CrawlerTimer)
assert isinstance(response.dump(), dict)
def test_crawler_response_init():
org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
org_id, root_id = build_mock_org(SIMPLE_ORG_SPEC)
org.load()
response = crawlers.CrawlerResponse('us-east-1', org.accounts[0])
assert response.region == 'us-east-1'
assert isinstance(response.account, orgs.OrgAccount)
assert response.payload_output is None
assert isinstance(response.timer, crawlers.CrawlerTimer)
assert isinstance(response.dump(), dict)
def test_list_policies_by_id():
MockOrganization().complex()
org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
org.load()
response = org.list_policies_by_id()
print(response)
assert len(response) == 6
for policy_id in response:
assert re.compile(r'p-[a-z0-9]{8}').match(policy_id)
org.clear_cache()
def test_crawler_execution_init():
MockOrganization().simple()
org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
org.load()
execution = crawlers.CrawlerExecution(get_mock_account_alias)
assert isfunction(execution.payload)
assert execution.name == 'get_mock_account_alias'
assert execution.responses == []
assert isinstance(execution.timer, crawlers.CrawlerTimer)
assert isinstance(execution.dump(), dict)
def test_get_policy_name_by_id():
MockOrganization().complex()
org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
org.load()
policy_id = org.get_policy_id_by_name('policy01')
response = org.get_policy_name_by_id(policy_id)
assert isinstance(response, str)
assert response == 'policy01'
assert org.get_policy_name_by_id('BLEE') is None
org.clear_cache()
def test_load_account_credentials():
org = orgs.Org(MASTER_ACCOUNT_ID, ORG_ACCESS_ROLE)
org_id, root_id = build_mock_org(COMPLEX_ORG_SPEC)
org.load()
crawler = crawlers.Crawler(org)
crawler.load_account_credentials()
assert isinstance(crawler.accounts, list)
assert len(crawler.accounts) == len(org.accounts)
for account in crawler.accounts:
assert isinstance(account.credentials, dict)
