package keynuker
import (
"encoding/json"
"log"
"testing"
"os"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/service/iam"
"github.com/stretchr/testify/assert"
"github.com/tleyden/keynuker/keynuker-go-common"
)
//go:generate goautomock -template=testify -pkg github.com/aws/aws-sdk-go/service/iam/iamiface IAMAPI
// TestFetchIAMUsers checks that FetchIAMUsers follows IAM pagination: the
// mocked ListUsers call returns a truncated first page with a marker, then a
// final page, and the test expects the users from both pages to be returned.
//
// Only the number of users is asserted; the user IDs themselves are not
// compared. A pagination bug in FetchIAMUsers would otherwise drop every user
// past the first page from the result without raising an error.
func TestFetchIAMUsers(t *testing.T) {
	const (
		pageSize   = 1000
		nextMarker = "2"
	)

	iamMock := NewIAMAPIMock()

	// ---- Page 1: truncated, so the code under test must ask for more ----
	firstPageReq := &iam.ListUsersInput{
		MaxItems: aws.Int64(pageSize),
	}
	firstPage := &iam.ListUsersOutput{
		IsTruncated: aws.Bool(true),
		Users: []*iam.User{
			{UserId: aws.String("fakeuser")},
		},
		Marker: aws.String(nextMarker),
	}
	iamMock.On("ListUsers", firstPageReq).Return(firstPage, nil).Once()

	// ---- Page 2: requested with the marker from page 1, and not truncated,
	// so the code under test should stop paging after this response ----
	secondPageReq := &iam.ListUsersInput{
		MaxItems: aws.Int64(pageSize),
		Marker:   aws.String(nextMarker),
	}
	secondPage := &iam.ListUsersOutput{
		IsTruncated: aws.Bool(false),
		Users: []*iam.User{
			{UserId: aws.String("fakeuser2")},
		},
	}
	iamMock.On("ListUsers", secondPageReq).Return(secondPage, nil).Once()

	// ---- Exercise the code under test ----
	users, err := FetchIAMUsers(iamMock)
	assert.NoError(t, err, "Unexpected error")
	assert.Equal(t, 2, len(users))
}
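// TestFetchAwsKeysViaSTSAssumeRole is an integration test: it calls
// FetchAwsKeys with the target AWS accounts and the initiating-account
// credentials taken from the environment, and logs the resulting document.
//
// It is skipped unless integration tests are enabled, and also skipped when
// the target accounts cannot be read from the environment. The initiating
// account credentials are read as JSON from the environment variable named by
// keynuker_go_common.EnvVarKeyNukerInitiatingAwsAccountCreds; the test fails
// if that variable is missing or does not parse.
func TestFetchAwsKeysViaSTSAssumeRole(t *testing.T) {
	SkipIfIntegrationsTestsNotEnabled(t)

	targetAwsAccounts, err := GetTargetAwsAccountsFromEnv()
	if err != nil {
		// Skipf rather than Skip: Skip does not interpret format verbs, so the
		// message would contain a literal "%v" followed by the error.
		t.Skipf("Error getting target aws accounts from env: %v", err)
	}

	initiatingAwsAcctCredsRaw, ok := os.LookupEnv(keynuker_go_common.EnvVarKeyNukerInitiatingAwsAccountCreds)
	if !ok {
		t.Fatalf("You must define environment variable %s", keynuker_go_common.EnvVarKeyNukerInitiatingAwsAccountCreds)
	}

	// Only the unmarshal error is reported on failure; the raw credential
	// string itself is never written to the test output.
	initiatingAwsAcctCreds := AwsCredentials{}
	if err := json.Unmarshal([]byte(initiatingAwsAcctCredsRaw), &initiatingAwsAcctCreds); err != nil {
		t.Fatalf("Error unmarshalling creds. Err: %v", err)
	}

	params := ParamsFetchAwsKeys{
		KeyNukerOrg:                    "default",
		TargetAwsAccounts:              targetAwsAccounts,
		InitiatingAwsAccountAssumeRole: initiatingAwsAcctCreds,
	}

	doc, err := FetchAwsKeys(params)
	// assert.NoError records the failure but does not stop the test, so return
	// here instead of marshalling and logging a result that is not meaningful.
	if !assert.NoError(t, err, "Unexpected Error") {
		return
	}

	marshalled, err := json.MarshalIndent(doc, "", " ")
	if err != nil {
		t.Fatalf("Error marshalling fetched aws keys doc. Err: %v", err)
	}

	// NOTE(review): this writes the complete FetchAwsKeys result to the test
	// log. Confirm the document holds only key metadata and no secret material
	// before running this where logs are retained or shared (e.g. CI).
	log.Printf("FetchedAwsKeys: %v", string(marshalled))
}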