def test_make_kms_key(self, mock_boto):
    # The "make_kms_key" action must create one key and one alias that
    # targets the KeyId returned by create_key.
    kms_client = mock.Mock()
    kms_client.create_key.return_value = {'KeyMetadata': {'KeyId': '12345'}}
    mock_boto.return_value = kms_client

    # NOTE(review): this writes to the real process environment and is not
    # restored in this method, so the value stays visible to later tests
    # unless tearDown resets it. The account segment is the literal "None".
    os.environ['ARN_PREFIX'] = "arn:aws:iam::None"

    event = {
        "action": "make_kms_key",
        "key_project": "WQP-EXTERNAL",
        "key_stage": "TEST",
    }
    handler.troubleshoot(event, self.context)

    # assert_called_once_with matches the keyword set exactly, so this pins
    # that no Policy argument is sent; KMS then attaches its default key
    # policy to the new key.
    kms_client.create_key.assert_called_once_with(
        Description='IOW WQP-EXTERNAL TEST key',
        KeyUsage='ENCRYPT_DECRYPT',
        Origin='AWS_KMS',
        Tags=[{'TagKey': 'wma:organization', 'TagValue': 'IOW'}],
    )
    kms_client.create_alias.assert_called_once_with(
        AliasName='alias/IOW-WQP-EXTERNAL-TEST',
        TargetKeyId='12345',
    )
def test_change_secret_kms_key(self, mock_boto):
    # The "change_secret_kms_key" action must re-key the named secret with
    # exactly the requested KMS key id.
    event = {
        "action": "change_secret_kms_key",
        "new_kms_key": "my_kms_key_id",
        "secret_id": "my_secret_id",
    }
    handler.troubleshoot(event, self.context)

    # NOTE(review): the assertion is on mock_boto itself, not on
    # mock_boto.return_value as the other tests do; presumably the patch
    # target here is the client object rather than a factory. Verify this
    # against the decorator.
    mock_boto.update_secret.assert_called_once_with(
        SecretId='my_secret_id',
        KmsKeyId='my_kms_key_id',
    )
def test_purge_queue(self, mock_boto):
    # The "purge_queues" action must call purge_queue exactly twice.
    # NOTE(review): this writes to the real process environment and is not
    # restored in this method.
    os.environ['AWS_DEPLOYMENT_REGION'] = 'us-west-2'

    queue_client = mock.MagicMock()
    queue_client.purge_queue.return_value = None
    mock_boto.return_value = queue_client

    handler.troubleshoot({"action": "purge_queues"}, self.context)

    # NOTE(review): only the call count is checked. The arguments of each
    # purge_queue call are not pinned, so a change in which queues get
    # purged would still pass; consider asserting the call arguments.
    purge_calls = queue_client.purge_queue.call_count
    self.assertEqual(purge_calls, 2)
def test_troubleshoot_start(self, mock_boto):
    # The "start_capture_db" action must describe the clusters once and
    # start the stopped cluster for the current stage.
    stage = 'TEST'

    # NOTE(review): this is the fixture object itself, not a copy, so the
    # two item assignments below mutate self.mock_db_clusters in place.
    cluster_listing = self.mock_db_clusters
    first_cluster = cluster_listing['DBClusters'][0]
    first_cluster['DBClusterIdentifier'] = DB[stage]
    first_cluster['Status'] = 'stopped'

    db_client = mock.Mock()
    db_client.describe_db_clusters.return_value = cluster_listing
    # The stubbed return value is a one-element set literal, as in the
    # original test.
    db_client.start_db_cluster.return_value = {DB[stage]}
    mock_boto.return_value = db_client

    # NOTE(review): this writes to the real process environment and is not
    # restored in this method.
    os.environ['STAGE'] = stage

    handler.troubleshoot({"action": "start_capture_db"}, self.context)

    db_client.describe_db_clusters.assert_called_once()
    # The identifier is hard-coded; presumably it equals DB['TEST'].
    db_client.start_db_cluster.assert_called_once_with(
        DBClusterIdentifier='nwcapture-test'
    )
def test_create_create_security_group(self, mock_boto, mock_resource):
    # The "create_fargate_security_group" action must forward the
    # description, group name and VPC id to create_security_group unchanged.
    # mock_resource is injected by a decorator but is not used in this body.
    # NOTE(review): this writes to the real process environment and is not
    # restored in this method.
    os.environ['AWS_DEPLOYMENT_REGION'] = 'us-west-2'

    ec2_client = mock.Mock()
    ec2_client.create_security_group.return_value = {'GroupId': 'f12345'}
    mock_boto.return_value = ec2_client

    event = {
        "action": "create_fargate_security_group",
        "description": "test security group",
        "group_name": "my group",
        "vpc_id": "fsa12345",
    }
    handler.troubleshoot(event, self.context)

    # NOTE(review): only the group creation call is pinned. Nothing here
    # asserts on ingress or egress rules the handler may attach to the
    # returned GroupId.
    ec2_client.create_security_group.assert_called_once_with(
        Description='test security group',
        GroupName='my group',
        VpcId='fsa12345',
    )
def test_change_kms_key_policy(self, mock_boto):
    # The "change_kms_key_policy" action must put the expected 'default'
    # policy on the requested key, with the account id taken from ACCOUNT_ID.
    # NOTE(review): this writes to the real process environment and is not
    # restored in this method.
    os.environ['ACCOUNT_ID'] = 'my_account_id'

    kms_client = mock.Mock()
    kms_client.put_key_policy.return_value = {'KeyMetadata': {'KeyId': '12345'}}
    mock_boto.return_value = kms_client

    handler.troubleshoot(
        {"action": "change_kms_key_policy", "key_id": "key123"},
        self.context,
    )

    # Adjacent literals concatenate to the same single-line JSON string the
    # handler is expected to emit. The comparison is an exact string match,
    # so it depends on the serializer's key order and spacing.
    # NOTE(review): in this pinned policy Ec2-Role is key administrator, key
    # user and grant holder at once, so one role can both manage and use the
    # key. Confirm that this lack of separation is intended.
    expected_policy = (
        '{"Version": "2012-10-17", "Id": "key-consolepolicy-3", "Statement": ['
        '{"Sid": "Enable IAM User Permissions", "Effect": "Allow", '
        '"Principal": {"AWS": "arn:aws:iam::my_account_id:root"}, '
        '"Action": "kms:*", "Resource": "*"}, '
        '{"Sid": "Allow access for Key Administrators", "Effect": "Allow", '
        '"Principal": {"AWS": "arn:aws:iam::my_account_id:role/Ec2-Role"}, '
        '"Action": ["kms:Create*", "kms:Describe*", "kms:Enable*", "kms:List*", '
        '"kms:Put*", "kms:Update*", "kms:Revoke*", "kms:Disable*", "kms:Get*", '
        '"kms:Delete*", "kms:TagResource", "kms:UntagResource", '
        '"kms:ScheduleKeyDeletion", "kms:CancelKeyDeletion"], "Resource": "*"}, '
        '{"Sid": "Allow use of the key", "Effect": "Allow", '
        '"Principal": {"AWS": ["arn:aws:iam::my_account_id:role/adfs-developers", '
        '"arn:aws:iam::my_account_id:role/adfs-app-operations", '
        '"arn:aws:iam::my_account_id:role/Ec2-Role"]}, '
        '"Action": ["kms:Encrypt", "kms:Decrypt", "kms:ReEncrypt*", '
        '"kms:GenerateDataKey*", "kms:DescribeKey"], "Resource": "*"}, '
        '{"Sid": "Allow attachment of persistent resources", "Effect": "Allow", '
        '"Principal": {"AWS": "arn:aws:iam::my_account_id:role/Ec2-Role"}, '
        '"Action": ["kms:CreateGrant", "kms:ListGrants", "kms:RevokeGrant"], '
        '"Resource": "*", '
        '"Condition": {"Bool": {"kms:GrantIsForAWSResource": "true"}}}]}'
    )
    kms_client.put_key_policy.assert_called_once_with(
        KeyId='key123',
        PolicyName='default',
        Policy=expected_policy,
    )
def test_create_efs_access_point(self, mock_boto):
    # The "create_access_point" action must create an access point on the
    # given file system with the expected tags, POSIX identity and root
    # directory.
    # NOTE(review): another method in this file has the same name. If both
    # are in the same class, the later definition replaces this one and this
    # test never runs.
    efs_client = mock.Mock()
    efs_client.create_access_point.return_value = {
        'AccessPointId': 'mynewaccesspointid',
    }
    mock_boto.return_value = efs_client

    event = {
        "action": "create_access_point",
        "file_system_id": "my_file_system_id",
    }
    handler.troubleshoot(event, self.context)

    expected_tags = [
        {'Key': 'wma:organization', 'Value': 'IOW'},
        {'Key': 'Name', 'Value': 'iow-geoserver-test'},
    ]
    expected_posix_user = {'Uid': 1001, 'Gid': 1001, 'SecondaryGids': []}
    # NOTE(review): this pins a world-writable mode ('0777') on the root
    # directory. The owner and the enforced POSIX user are both 1001, so a
    # narrower mode would presumably still work for access through this
    # access point. Confirm that 0777 is intended.
    expected_root = {
        'Path': '/data',
        'CreationInfo': {
            'OwnerUid': 1001,
            'OwnerGid': 1001,
            'Permissions': '0777',
        },
    }
    efs_client.create_access_point.assert_called_once_with(
        ClientToken='iow-geoserver-test',
        Tags=expected_tags,
        FileSystemId='my_file_system_id',
        PosixUser=expected_posix_user,
        RootDirectory=expected_root,
    )
def test_create_efs_access_point(self, mock_purge):
    # Despite its name, this test exercises the "purge_queues" action and
    # expects two purge_queue calls on the patched object.
    # NOTE(review): an earlier method in this file has the same name. If
    # both are in the same class, this definition replaces it and the EFS
    # access point test is silently skipped. Renaming this method would let
    # both run.
    purge_event = {"action": "purge_queues"}
    handler.troubleshoot(purge_event, self.context)

    # Only the call count is checked, not which queues were purged.
    observed_calls = mock_purge.purge_queue.call_count
    self.assertEqual(observed_calls, 2)
def test_troubleshoot_start_bad_actions(self, mock_rds):
    # An event with no "action" key, and one with an unrecognised action,
    # must both make the handler raise.
    # NOTE(review): assertRaises(Exception) accepts any exception, including
    # one caused by a mock or setup mistake, so it does not prove that the
    # handler rejected the action deliberately. Narrow it to the handler's
    # own exception type once that is confirmed.
    rejected_events = ({}, {"action": "unknown"})
    for bad_event in rejected_events:
        with self.assertRaises(Exception):
            handler.troubleshoot(bad_event, self.context)