| 
									
										
										
										
											2018-07-14 11:35:37 -07:00
										 |  |  | from __future__ import unicode_literals | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | import boto3 | 
					
						
							| 
									
										
										
										
											2019-05-25 02:20:19 -07:00
										 |  |  | import json | 
					
						
							|  |  |  | import six | 
					
						
							| 
									
										
										
										
											2019-11-17 14:52:57 +01:00
										 |  |  | import sure  # noqa | 
					
						
							| 
									
										
										
										
											2018-07-20 13:54:53 -07:00
										 |  |  | from botocore.exceptions import ClientError | 
					
						
							|  |  |  | from nose.tools import assert_raises | 
					
						
							| 
									
										
										
										
											2018-07-14 11:35:37 -07:00
										 |  |  | 
 | 
					
						
							|  |  |  | from moto import mock_organizations | 
					
						
							| 
									
										
										
										
											2018-07-20 13:54:53 -07:00
										 |  |  | from moto.organizations import utils | 
					
						
							| 
									
										
										
										
											2018-07-19 11:50:24 -07:00
										 |  |  | from .organizations_test_utils import ( | 
					
						
							|  |  |  |     validate_organization, | 
					
						
							|  |  |  |     validate_roots, | 
					
						
							|  |  |  |     validate_organizational_unit, | 
					
						
							|  |  |  |     validate_account, | 
					
						
							|  |  |  |     validate_create_account_status, | 
					
						
							| 
									
										
										
										
											2019-05-25 02:20:19 -07:00
										 |  |  |     validate_service_control_policy, | 
					
						
							|  |  |  |     validate_policy_summary, | 
					
						
							| 
									
										
										
										
											2018-07-14 11:35:37 -07:00
										 |  |  | ) | 
					
						
							| 
									
										
										
										
											2018-07-14 13:23:15 -07:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-07-14 11:35:37 -07:00
										 |  |  | 
 | 
					
						
							|  |  |  | @mock_organizations | 
					
						
							|  |  |  | def test_create_organization(): | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     client = boto3.client("organizations", region_name="us-east-1") | 
					
						
							|  |  |  |     response = client.create_organization(FeatureSet="ALL") | 
					
						
							| 
									
										
										
										
											2018-07-14 11:35:37 -07:00
										 |  |  |     validate_organization(response) | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     response["Organization"]["FeatureSet"].should.equal("ALL") | 
					
						
							| 
									
										
										
										
											2018-07-14 11:35:37 -07:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-08-06 15:44:49 -07:00
										 |  |  |     response = client.list_accounts() | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     len(response["Accounts"]).should.equal(1) | 
					
						
							|  |  |  |     response["Accounts"][0]["Name"].should.equal("master") | 
					
						
							|  |  |  |     response["Accounts"][0]["Id"].should.equal(utils.MASTER_ACCOUNT_ID) | 
					
						
							|  |  |  |     response["Accounts"][0]["Email"].should.equal(utils.MASTER_ACCOUNT_EMAIL) | 
					
						
							| 
									
										
										
										
											2019-08-06 15:44:49 -07:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     response = client.list_policies(Filter="SERVICE_CONTROL_POLICY") | 
					
						
							|  |  |  |     len(response["Policies"]).should.equal(1) | 
					
						
							|  |  |  |     response["Policies"][0]["Name"].should.equal("FullAWSAccess") | 
					
						
							|  |  |  |     response["Policies"][0]["Id"].should.equal(utils.DEFAULT_POLICY_ID) | 
					
						
							|  |  |  |     response["Policies"][0]["AwsManaged"].should.equal(True) | 
					
						
							| 
									
										
										
										
											2019-08-06 15:44:49 -07:00
										 |  |  | 
 | 
					
						
							|  |  |  |     response = client.list_targets_for_policy(PolicyId=utils.DEFAULT_POLICY_ID) | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     len(response["Targets"]).should.equal(2) | 
					
						
							|  |  |  |     root_ou = [t for t in response["Targets"] if t["Type"] == "ROOT"][0] | 
					
						
							|  |  |  |     root_ou["Name"].should.equal("Root") | 
					
						
							|  |  |  |     master_account = [t for t in response["Targets"] if t["Type"] == "ACCOUNT"][0] | 
					
						
							|  |  |  |     master_account["Name"].should.equal("master") | 
					
						
							| 
									
										
										
										
											2019-08-06 15:44:49 -07:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-07-14 13:23:15 -07:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-07-14 11:35:37 -07:00
										 |  |  | @mock_organizations | 
					
						
							|  |  |  | def test_describe_organization(): | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     client = boto3.client("organizations", region_name="us-east-1") | 
					
						
							|  |  |  |     client.create_organization(FeatureSet="ALL") | 
					
						
							| 
									
										
										
										
											2018-07-14 11:35:37 -07:00
										 |  |  |     response = client.describe_organization() | 
					
						
							|  |  |  |     validate_organization(response) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-10-08 15:27:19 -07:00
										 |  |  | @mock_organizations | 
					
						
							|  |  |  | def test_describe_organization_exception(): | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     client = boto3.client("organizations", region_name="us-east-1") | 
					
						
							| 
									
										
										
										
											2018-10-08 15:27:19 -07:00
										 |  |  |     with assert_raises(ClientError) as e: | 
					
						
							|  |  |  |         response = client.describe_organization() | 
					
						
							|  |  |  |     ex = e.exception | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     ex.operation_name.should.equal("DescribeOrganization") | 
					
						
							|  |  |  |     ex.response["Error"]["Code"].should.equal("400") | 
					
						
							|  |  |  |     ex.response["Error"]["Message"].should.contain("AWSOrganizationsNotInUseException") | 
					
						
							| 
									
										
										
										
											2018-10-08 15:27:19 -07:00
										 |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-07-15 11:49:26 -07:00
										 |  |  | # Organizational Units | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-07-15 10:31:16 -07:00
										 |  |  | @mock_organizations | 
					
						
							|  |  |  | def test_list_roots(): | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     client = boto3.client("organizations", region_name="us-east-1") | 
					
						
							|  |  |  |     org = client.create_organization(FeatureSet="ALL")["Organization"] | 
					
						
							| 
									
										
										
										
											2018-07-15 10:31:16 -07:00
										 |  |  |     response = client.list_roots() | 
					
						
							| 
									
										
										
										
											2018-07-19 11:50:24 -07:00
										 |  |  |     validate_roots(org, response) | 
					
						
							| 
									
										
										
										
											2018-07-15 10:31:16 -07:00
										 |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-07-15 11:49:26 -07:00
										 |  |  | @mock_organizations | 
					
						
							|  |  |  | def test_create_organizational_unit(): | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     client = boto3.client("organizations", region_name="us-east-1") | 
					
						
							|  |  |  |     org = client.create_organization(FeatureSet="ALL")["Organization"] | 
					
						
							|  |  |  |     root_id = client.list_roots()["Roots"][0]["Id"] | 
					
						
							|  |  |  |     ou_name = "ou01" | 
					
						
							|  |  |  |     response = client.create_organizational_unit(ParentId=root_id, Name=ou_name) | 
					
						
							| 
									
										
										
										
											2018-07-15 13:58:27 -07:00
										 |  |  |     validate_organizational_unit(org, response) | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     response["OrganizationalUnit"]["Name"].should.equal(ou_name) | 
					
						
							| 
									
										
										
										
											2018-07-15 11:49:26 -07:00
										 |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | @mock_organizations | 
					
						
							|  |  |  | def test_describe_organizational_unit(): | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     client = boto3.client("organizations", region_name="us-east-1") | 
					
						
							|  |  |  |     org = client.create_organization(FeatureSet="ALL")["Organization"] | 
					
						
							|  |  |  |     root_id = client.list_roots()["Roots"][0]["Id"] | 
					
						
							|  |  |  |     ou_id = client.create_organizational_unit(ParentId=root_id, Name="ou01")[ | 
					
						
							|  |  |  |         "OrganizationalUnit" | 
					
						
							|  |  |  |     ]["Id"] | 
					
						
							| 
									
										
										
										
											2018-07-15 13:58:27 -07:00
										 |  |  |     response = client.describe_organizational_unit(OrganizationalUnitId=ou_id) | 
					
						
							|  |  |  |     validate_organizational_unit(org, response) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-07-20 13:54:53 -07:00
										 |  |  | @mock_organizations | 
					
						
							|  |  |  | def test_describe_organizational_unit_exception(): | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     client = boto3.client("organizations", region_name="us-east-1") | 
					
						
							|  |  |  |     org = client.create_organization(FeatureSet="ALL")["Organization"] | 
					
						
							| 
									
										
										
										
											2018-07-20 13:54:53 -07:00
										 |  |  |     with assert_raises(ClientError) as e: | 
					
						
							|  |  |  |         response = client.describe_organizational_unit( | 
					
						
							|  |  |  |             OrganizationalUnitId=utils.make_random_root_id() | 
					
						
							|  |  |  |         ) | 
					
						
							|  |  |  |     ex = e.exception | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     ex.operation_name.should.equal("DescribeOrganizationalUnit") | 
					
						
							|  |  |  |     ex.response["Error"]["Code"].should.equal("400") | 
					
						
							|  |  |  |     ex.response["Error"]["Message"].should.contain( | 
					
						
							|  |  |  |         "OrganizationalUnitNotFoundException" | 
					
						
							|  |  |  |     ) | 
					
						
							| 
									
										
										
										
											2018-07-20 13:54:53 -07:00
										 |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-07-15 13:58:27 -07:00
										 |  |  | @mock_organizations | 
					
						
							|  |  |  | def test_list_organizational_units_for_parent(): | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     client = boto3.client("organizations", region_name="us-east-1") | 
					
						
							|  |  |  |     org = client.create_organization(FeatureSet="ALL")["Organization"] | 
					
						
							|  |  |  |     root_id = client.list_roots()["Roots"][0]["Id"] | 
					
						
							|  |  |  |     client.create_organizational_unit(ParentId=root_id, Name="ou01") | 
					
						
							|  |  |  |     client.create_organizational_unit(ParentId=root_id, Name="ou02") | 
					
						
							|  |  |  |     client.create_organizational_unit(ParentId=root_id, Name="ou03") | 
					
						
							| 
									
										
										
										
											2018-07-15 13:58:27 -07:00
										 |  |  |     response = client.list_organizational_units_for_parent(ParentId=root_id) | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     response.should.have.key("OrganizationalUnits").should.be.a(list) | 
					
						
							|  |  |  |     for ou in response["OrganizationalUnits"]: | 
					
						
							| 
									
										
										
										
											2018-07-15 13:58:27 -07:00
										 |  |  |         validate_organizational_unit(org, dict(OrganizationalUnit=ou)) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-07-20 13:54:53 -07:00
										 |  |  | @mock_organizations | 
					
						
							|  |  |  | def test_list_organizational_units_for_parent_exception(): | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     client = boto3.client("organizations", region_name="us-east-1") | 
					
						
							| 
									
										
										
										
											2018-07-20 13:54:53 -07:00
										 |  |  |     with assert_raises(ClientError) as e: | 
					
						
							|  |  |  |         response = client.list_organizational_units_for_parent( | 
					
						
							|  |  |  |             ParentId=utils.make_random_root_id() | 
					
						
							|  |  |  |         ) | 
					
						
							|  |  |  |     ex = e.exception | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     ex.operation_name.should.equal("ListOrganizationalUnitsForParent") | 
					
						
							|  |  |  |     ex.response["Error"]["Code"].should.equal("400") | 
					
						
							|  |  |  |     ex.response["Error"]["Message"].should.contain("ParentNotFoundException") | 
					
						
							| 
									
										
										
										
											2018-07-20 13:54:53 -07:00
										 |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-07-15 11:49:26 -07:00
										 |  |  | # Accounts | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  | mockname = "mock-account" | 
					
						
							|  |  |  | mockdomain = "moto-example.org" | 
					
						
							|  |  |  | mockemail = "@".join([mockname, mockdomain]) | 
					
						
							| 
									
										
										
										
											2018-07-14 11:35:37 -07:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-07-14 13:23:15 -07:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-07-14 11:35:37 -07:00
										 |  |  | @mock_organizations | 
					
						
							|  |  |  | def test_create_account(): | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     client = boto3.client("organizations", region_name="us-east-1") | 
					
						
							|  |  |  |     client.create_organization(FeatureSet="ALL") | 
					
						
							|  |  |  |     create_status = client.create_account(AccountName=mockname, Email=mockemail)[ | 
					
						
							|  |  |  |         "CreateAccountStatus" | 
					
						
							|  |  |  |     ] | 
					
						
							| 
									
										
										
										
											2018-07-14 11:35:37 -07:00
										 |  |  |     validate_create_account_status(create_status) | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     create_status["AccountName"].should.equal(mockname) | 
					
						
							| 
									
										
										
										
											2018-07-14 11:35:37 -07:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-07-14 13:23:15 -07:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-11-06 20:43:21 +11:00
										 |  |  | @mock_organizations | 
					
						
							|  |  |  | def test_describe_create_account_status(): | 
					
						
							|  |  |  |     client = boto3.client("organizations", region_name="us-east-1") | 
					
						
							|  |  |  |     client.create_organization(FeatureSet="ALL")["Organization"] | 
					
						
							|  |  |  |     request_id = client.create_account(AccountName=mockname, Email=mockemail)[ | 
					
						
							|  |  |  |         "CreateAccountStatus" | 
					
						
							|  |  |  |     ]["Id"] | 
					
						
							|  |  |  |     response = client.describe_create_account_status(CreateAccountRequestId=request_id) | 
					
						
							|  |  |  |     validate_create_account_status(response["CreateAccountStatus"]) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-07-14 11:35:37 -07:00
										 |  |  | @mock_organizations | 
					
						
							|  |  |  | def test_describe_account(): | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     client = boto3.client("organizations", region_name="us-east-1") | 
					
						
							|  |  |  |     org = client.create_organization(FeatureSet="ALL")["Organization"] | 
					
						
							|  |  |  |     account_id = client.create_account(AccountName=mockname, Email=mockemail)[ | 
					
						
							|  |  |  |         "CreateAccountStatus" | 
					
						
							|  |  |  |     ]["AccountId"] | 
					
						
							| 
									
										
										
										
											2018-07-14 11:35:37 -07:00
										 |  |  |     response = client.describe_account(AccountId=account_id) | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     validate_account(org, response["Account"]) | 
					
						
							|  |  |  |     response["Account"]["Name"].should.equal(mockname) | 
					
						
							|  |  |  |     response["Account"]["Email"].should.equal(mockemail) | 
					
						
							| 
									
										
										
										
											2018-07-14 11:35:37 -07:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-07-14 13:23:15 -07:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-07-20 13:54:53 -07:00
										 |  |  | @mock_organizations | 
					
						
							|  |  |  | def test_describe_account_exception(): | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     client = boto3.client("organizations", region_name="us-east-1") | 
					
						
							| 
									
										
										
										
											2018-07-20 13:54:53 -07:00
										 |  |  |     with assert_raises(ClientError) as e: | 
					
						
							|  |  |  |         response = client.describe_account(AccountId=utils.make_random_account_id()) | 
					
						
							|  |  |  |     ex = e.exception | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     ex.operation_name.should.equal("DescribeAccount") | 
					
						
							|  |  |  |     ex.response["Error"]["Code"].should.equal("400") | 
					
						
							|  |  |  |     ex.response["Error"]["Message"].should.contain("AccountNotFoundException") | 
					
						
							| 
									
										
										
										
											2018-07-20 13:54:53 -07:00
										 |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-07-14 11:35:37 -07:00
										 |  |  | @mock_organizations | 
					
						
							|  |  |  | def test_list_accounts(): | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     client = boto3.client("organizations", region_name="us-east-1") | 
					
						
							|  |  |  |     org = client.create_organization(FeatureSet="ALL")["Organization"] | 
					
						
							| 
									
										
										
										
											2018-07-14 11:35:37 -07:00
										 |  |  |     for i in range(5): | 
					
						
							|  |  |  |         name = mockname + str(i) | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |         email = name + "@" + mockdomain | 
					
						
							| 
									
										
										
										
											2018-07-14 11:35:37 -07:00
										 |  |  |         client.create_account(AccountName=name, Email=email) | 
					
						
							|  |  |  |     response = client.list_accounts() | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     response.should.have.key("Accounts") | 
					
						
							|  |  |  |     accounts = response["Accounts"] | 
					
						
							| 
									
										
										
										
											2019-08-06 15:44:49 -07:00
										 |  |  |     len(accounts).should.equal(6) | 
					
						
							| 
									
										
										
										
											2018-07-14 11:35:37 -07:00
										 |  |  |     for account in accounts: | 
					
						
							|  |  |  |         validate_account(org, account) | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     accounts[4]["Name"].should.equal(mockname + "3") | 
					
						
							|  |  |  |     accounts[3]["Email"].should.equal(mockname + "2" + "@" + mockdomain) | 
					
						
							| 
									
										
										
										
											2018-07-15 15:25:34 -07:00
										 |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | @mock_organizations | 
					
						
							|  |  |  | def test_list_accounts_for_parent(): | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     client = boto3.client("organizations", region_name="us-east-1") | 
					
						
							|  |  |  |     org = client.create_organization(FeatureSet="ALL")["Organization"] | 
					
						
							|  |  |  |     root_id = client.list_roots()["Roots"][0]["Id"] | 
					
						
							|  |  |  |     account_id = client.create_account(AccountName=mockname, Email=mockemail)[ | 
					
						
							|  |  |  |         "CreateAccountStatus" | 
					
						
							|  |  |  |     ]["AccountId"] | 
					
						
							| 
									
										
										
										
											2018-07-15 15:25:34 -07:00
										 |  |  |     response = client.list_accounts_for_parent(ParentId=root_id) | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     account_id.should.be.within([account["Id"] for account in response["Accounts"]]) | 
					
						
							| 
									
										
										
										
											2018-07-15 15:25:34 -07:00
										 |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | @mock_organizations | 
					
						
							|  |  |  | def test_move_account(): | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     client = boto3.client("organizations", region_name="us-east-1") | 
					
						
							|  |  |  |     org = client.create_organization(FeatureSet="ALL")["Organization"] | 
					
						
							|  |  |  |     root_id = client.list_roots()["Roots"][0]["Id"] | 
					
						
							|  |  |  |     account_id = client.create_account(AccountName=mockname, Email=mockemail)[ | 
					
						
							|  |  |  |         "CreateAccountStatus" | 
					
						
							|  |  |  |     ]["AccountId"] | 
					
						
							|  |  |  |     ou01 = client.create_organizational_unit(ParentId=root_id, Name="ou01") | 
					
						
							|  |  |  |     ou01_id = ou01["OrganizationalUnit"]["Id"] | 
					
						
							| 
									
										
										
										
											2018-07-15 15:25:34 -07:00
										 |  |  |     client.move_account( | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |         AccountId=account_id, SourceParentId=root_id, DestinationParentId=ou01_id | 
					
						
							| 
									
										
										
										
											2018-07-15 15:25:34 -07:00
										 |  |  |     ) | 
					
						
							|  |  |  |     response = client.list_accounts_for_parent(ParentId=ou01_id) | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     account_id.should.be.within([account["Id"] for account in response["Accounts"]]) | 
					
						
							| 
									
										
										
										
											2018-07-15 20:39:13 -07:00
										 |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | @mock_organizations | 
					
						
							|  |  |  | def test_list_parents_for_ou(): | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     client = boto3.client("organizations", region_name="us-east-1") | 
					
						
							|  |  |  |     org = client.create_organization(FeatureSet="ALL")["Organization"] | 
					
						
							|  |  |  |     root_id = client.list_roots()["Roots"][0]["Id"] | 
					
						
							|  |  |  |     ou01 = client.create_organizational_unit(ParentId=root_id, Name="ou01") | 
					
						
							|  |  |  |     ou01_id = ou01["OrganizationalUnit"]["Id"] | 
					
						
							| 
									
										
										
										
											2018-07-15 20:39:13 -07:00
										 |  |  |     response01 = client.list_parents(ChildId=ou01_id) | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     response01.should.have.key("Parents").should.be.a(list) | 
					
						
							|  |  |  |     response01["Parents"][0].should.have.key("Id").should.equal(root_id) | 
					
						
							|  |  |  |     response01["Parents"][0].should.have.key("Type").should.equal("ROOT") | 
					
						
							|  |  |  |     ou02 = client.create_organizational_unit(ParentId=ou01_id, Name="ou02") | 
					
						
							|  |  |  |     ou02_id = ou02["OrganizationalUnit"]["Id"] | 
					
						
							| 
									
										
										
										
											2018-07-15 20:39:13 -07:00
										 |  |  |     response02 = client.list_parents(ChildId=ou02_id) | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     response02.should.have.key("Parents").should.be.a(list) | 
					
						
							|  |  |  |     response02["Parents"][0].should.have.key("Id").should.equal(ou01_id) | 
					
						
							|  |  |  |     response02["Parents"][0].should.have.key("Type").should.equal("ORGANIZATIONAL_UNIT") | 
					
						
							| 
									
										
										
										
											2018-07-15 20:39:13 -07:00
										 |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | @mock_organizations | 
					
						
							|  |  |  | def test_list_parents_for_accounts(): | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     client = boto3.client("organizations", region_name="us-east-1") | 
					
						
							|  |  |  |     org = client.create_organization(FeatureSet="ALL")["Organization"] | 
					
						
							|  |  |  |     root_id = client.list_roots()["Roots"][0]["Id"] | 
					
						
							|  |  |  |     ou01 = client.create_organizational_unit(ParentId=root_id, Name="ou01") | 
					
						
							|  |  |  |     ou01_id = ou01["OrganizationalUnit"]["Id"] | 
					
						
							| 
									
										
										
										
											2018-07-15 20:39:13 -07:00
										 |  |  |     account01_id = client.create_account( | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |         AccountName="account01", Email="account01@moto-example.org" | 
					
						
							|  |  |  |     )["CreateAccountStatus"]["AccountId"] | 
					
						
							| 
									
										
										
										
											2018-07-15 20:39:13 -07:00
										 |  |  |     account02_id = client.create_account( | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |         AccountName="account02", Email="account02@moto-example.org" | 
					
						
							|  |  |  |     )["CreateAccountStatus"]["AccountId"] | 
					
						
							| 
									
										
										
										
											2018-07-15 20:39:13 -07:00
										 |  |  |     client.move_account( | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |         AccountId=account02_id, SourceParentId=root_id, DestinationParentId=ou01_id | 
					
						
							| 
									
										
										
										
											2018-07-15 20:39:13 -07:00
										 |  |  |     ) | 
					
						
							|  |  |  |     response01 = client.list_parents(ChildId=account01_id) | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     response01.should.have.key("Parents").should.be.a(list) | 
					
						
							|  |  |  |     response01["Parents"][0].should.have.key("Id").should.equal(root_id) | 
					
						
							|  |  |  |     response01["Parents"][0].should.have.key("Type").should.equal("ROOT") | 
					
						
							| 
									
										
										
										
											2018-07-15 20:39:13 -07:00
										 |  |  |     response02 = client.list_parents(ChildId=account02_id) | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     response02.should.have.key("Parents").should.be.a(list) | 
					
						
							|  |  |  |     response02["Parents"][0].should.have.key("Id").should.equal(ou01_id) | 
					
						
							|  |  |  |     response02["Parents"][0].should.have.key("Type").should.equal("ORGANIZATIONAL_UNIT") | 
					
						
							| 
									
										
										
										
											2018-07-15 22:19:42 -07:00
										 |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | @mock_organizations | 
					
						
							| 
									
										
										
										
											2018-07-20 13:54:53 -07:00
										 |  |  | def test_list_children(): | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     client = boto3.client("organizations", region_name="us-east-1") | 
					
						
							|  |  |  |     org = client.create_organization(FeatureSet="ALL")["Organization"] | 
					
						
							|  |  |  |     root_id = client.list_roots()["Roots"][0]["Id"] | 
					
						
							|  |  |  |     ou01 = client.create_organizational_unit(ParentId=root_id, Name="ou01") | 
					
						
							|  |  |  |     ou01_id = ou01["OrganizationalUnit"]["Id"] | 
					
						
							|  |  |  |     ou02 = client.create_organizational_unit(ParentId=ou01_id, Name="ou02") | 
					
						
							|  |  |  |     ou02_id = ou02["OrganizationalUnit"]["Id"] | 
					
						
							| 
									
										
										
										
											2018-07-15 22:19:42 -07:00
										 |  |  |     account01_id = client.create_account( | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |         AccountName="account01", Email="account01@moto-example.org" | 
					
						
							|  |  |  |     )["CreateAccountStatus"]["AccountId"] | 
					
						
							| 
									
										
										
										
											2018-07-15 22:19:42 -07:00
										 |  |  |     account02_id = client.create_account( | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |         AccountName="account02", Email="account02@moto-example.org" | 
					
						
							|  |  |  |     )["CreateAccountStatus"]["AccountId"] | 
					
						
							| 
									
										
										
										
											2018-07-15 22:19:42 -07:00
										 |  |  |     client.move_account( | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |         AccountId=account02_id, SourceParentId=root_id, DestinationParentId=ou01_id | 
					
						
							| 
									
										
										
										
											2018-07-15 22:19:42 -07:00
										 |  |  |     ) | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     response01 = client.list_children(ParentId=root_id, ChildType="ACCOUNT") | 
					
						
							|  |  |  |     response02 = client.list_children(ParentId=root_id, ChildType="ORGANIZATIONAL_UNIT") | 
					
						
							|  |  |  |     response03 = client.list_children(ParentId=ou01_id, ChildType="ACCOUNT") | 
					
						
							|  |  |  |     response04 = client.list_children(ParentId=ou01_id, ChildType="ORGANIZATIONAL_UNIT") | 
					
						
							|  |  |  |     response01["Children"][0]["Id"].should.equal(utils.MASTER_ACCOUNT_ID) | 
					
						
							|  |  |  |     response01["Children"][0]["Type"].should.equal("ACCOUNT") | 
					
						
							|  |  |  |     response01["Children"][1]["Id"].should.equal(account01_id) | 
					
						
							|  |  |  |     response01["Children"][1]["Type"].should.equal("ACCOUNT") | 
					
						
							|  |  |  |     response02["Children"][0]["Id"].should.equal(ou01_id) | 
					
						
							|  |  |  |     response02["Children"][0]["Type"].should.equal("ORGANIZATIONAL_UNIT") | 
					
						
							|  |  |  |     response03["Children"][0]["Id"].should.equal(account02_id) | 
					
						
							|  |  |  |     response03["Children"][0]["Type"].should.equal("ACCOUNT") | 
					
						
							|  |  |  |     response04["Children"][0]["Id"].should.equal(ou02_id) | 
					
						
							|  |  |  |     response04["Children"][0]["Type"].should.equal("ORGANIZATIONAL_UNIT") | 
					
						
							| 
									
										
										
										
											2018-07-20 13:54:53 -07:00
										 |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | @mock_organizations | 
					
						
							|  |  |  | def test_list_children_exception(): | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     client = boto3.client("organizations", region_name="us-east-1") | 
					
						
							|  |  |  |     org = client.create_organization(FeatureSet="ALL")["Organization"] | 
					
						
							|  |  |  |     root_id = client.list_roots()["Roots"][0]["Id"] | 
					
						
							| 
									
										
										
										
											2018-07-20 13:54:53 -07:00
										 |  |  |     with assert_raises(ClientError) as e: | 
					
						
							|  |  |  |         response = client.list_children( | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |             ParentId=utils.make_random_root_id(), ChildType="ACCOUNT" | 
					
						
							| 
									
										
										
										
											2018-07-20 13:54:53 -07:00
										 |  |  |         ) | 
					
						
							|  |  |  |     ex = e.exception | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     ex.operation_name.should.equal("ListChildren") | 
					
						
							|  |  |  |     ex.response["Error"]["Code"].should.equal("400") | 
					
						
							|  |  |  |     ex.response["Error"]["Message"].should.contain("ParentNotFoundException") | 
					
						
							| 
									
										
										
										
											2018-07-20 13:54:53 -07:00
										 |  |  |     with assert_raises(ClientError) as e: | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |         response = client.list_children(ParentId=root_id, ChildType="BLEE") | 
					
						
							| 
									
										
										
										
											2018-07-20 13:54:53 -07:00
										 |  |  |     ex = e.exception | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     ex.operation_name.should.equal("ListChildren") | 
					
						
							|  |  |  |     ex.response["Error"]["Code"].should.equal("400") | 
					
						
							|  |  |  |     ex.response["Error"]["Message"].should.contain("InvalidInputException") | 
					
						
							| 
									
										
										
										
											2019-05-25 02:20:19 -07:00
										 |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | # Service Control Policies | 
					
						
							|  |  |  | policy_doc01 = dict( | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     Version="2012-10-17", | 
					
						
							|  |  |  |     Statement=[ | 
					
						
							|  |  |  |         dict(Sid="MockPolicyStatement", Effect="Allow", Action="s3:*", Resource="*") | 
					
						
							|  |  |  |     ], | 
					
						
							| 
									
										
										
										
											2019-05-25 02:20:19 -07:00
										 |  |  | ) | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-05-25 02:20:19 -07:00
										 |  |  | @mock_organizations | 
					
						
							|  |  |  | def test_create_policy(): | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     client = boto3.client("organizations", region_name="us-east-1") | 
					
						
							|  |  |  |     org = client.create_organization(FeatureSet="ALL")["Organization"] | 
					
						
							| 
									
										
										
										
											2019-05-25 02:20:19 -07:00
										 |  |  |     policy = client.create_policy( | 
					
						
							|  |  |  |         Content=json.dumps(policy_doc01), | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |         Description="A dummy service control policy", | 
					
						
							|  |  |  |         Name="MockServiceControlPolicy", | 
					
						
							|  |  |  |         Type="SERVICE_CONTROL_POLICY", | 
					
						
							|  |  |  |     )["Policy"] | 
					
						
							| 
									
										
										
										
											2019-05-25 02:20:19 -07:00
										 |  |  |     validate_service_control_policy(org, policy) | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     policy["PolicySummary"]["Name"].should.equal("MockServiceControlPolicy") | 
					
						
							|  |  |  |     policy["PolicySummary"]["Description"].should.equal( | 
					
						
							|  |  |  |         "A dummy service control policy" | 
					
						
							|  |  |  |     ) | 
					
						
							|  |  |  |     policy["Content"].should.equal(json.dumps(policy_doc01)) | 
					
						
							| 
									
										
										
										
											2019-05-25 02:20:19 -07:00
										 |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | @mock_organizations | 
					
						
							|  |  |  | def test_describe_policy(): | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     client = boto3.client("organizations", region_name="us-east-1") | 
					
						
							|  |  |  |     org = client.create_organization(FeatureSet="ALL")["Organization"] | 
					
						
							| 
									
										
										
										
											2019-05-25 02:20:19 -07:00
										 |  |  |     policy_id = client.create_policy( | 
					
						
							|  |  |  |         Content=json.dumps(policy_doc01), | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |         Description="A dummy service control policy", | 
					
						
							|  |  |  |         Name="MockServiceControlPolicy", | 
					
						
							|  |  |  |         Type="SERVICE_CONTROL_POLICY", | 
					
						
							|  |  |  |     )["Policy"]["PolicySummary"]["Id"] | 
					
						
							|  |  |  |     policy = client.describe_policy(PolicyId=policy_id)["Policy"] | 
					
						
							| 
									
										
										
										
											2019-05-25 02:20:19 -07:00
										 |  |  |     validate_service_control_policy(org, policy) | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     policy["PolicySummary"]["Name"].should.equal("MockServiceControlPolicy") | 
					
						
							|  |  |  |     policy["PolicySummary"]["Description"].should.equal( | 
					
						
							|  |  |  |         "A dummy service control policy" | 
					
						
							|  |  |  |     ) | 
					
						
							|  |  |  |     policy["Content"].should.equal(json.dumps(policy_doc01)) | 
					
						
							| 
									
										
										
										
											2019-05-25 02:20:19 -07:00
										 |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | @mock_organizations | 
					
						
							|  |  |  | def test_describe_policy_exception(): | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     client = boto3.client("organizations", region_name="us-east-1") | 
					
						
							|  |  |  |     client.create_organization(FeatureSet="ALL")["Organization"] | 
					
						
							|  |  |  |     policy_id = "p-47fhe9s3" | 
					
						
							| 
									
										
										
										
											2019-05-25 02:20:19 -07:00
										 |  |  |     with assert_raises(ClientError) as e: | 
					
						
							|  |  |  |         response = client.describe_policy(PolicyId=policy_id) | 
					
						
							|  |  |  |     ex = e.exception | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     ex.operation_name.should.equal("DescribePolicy") | 
					
						
							|  |  |  |     ex.response["Error"]["Code"].should.equal("400") | 
					
						
							|  |  |  |     ex.response["Error"]["Message"].should.contain("PolicyNotFoundException") | 
					
						
							| 
									
										
										
										
											2019-05-25 02:20:19 -07:00
										 |  |  |     with assert_raises(ClientError) as e: | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |         response = client.describe_policy(PolicyId="meaninglessstring") | 
					
						
							| 
									
										
										
										
											2019-05-25 02:20:19 -07:00
										 |  |  |     ex = e.exception | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     ex.operation_name.should.equal("DescribePolicy") | 
					
						
							|  |  |  |     ex.response["Error"]["Code"].should.equal("400") | 
					
						
							|  |  |  |     ex.response["Error"]["Message"].should.contain("InvalidInputException") | 
					
						
							| 
									
										
										
										
											2019-05-25 02:20:19 -07:00
										 |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | @mock_organizations | 
					
						
							|  |  |  | def test_attach_policy(): | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     client = boto3.client("organizations", region_name="us-east-1") | 
					
						
							|  |  |  |     org = client.create_organization(FeatureSet="ALL")["Organization"] | 
					
						
							|  |  |  |     root_id = client.list_roots()["Roots"][0]["Id"] | 
					
						
							|  |  |  |     ou_id = client.create_organizational_unit(ParentId=root_id, Name="ou01")[ | 
					
						
							|  |  |  |         "OrganizationalUnit" | 
					
						
							|  |  |  |     ]["Id"] | 
					
						
							|  |  |  |     account_id = client.create_account(AccountName=mockname, Email=mockemail)[ | 
					
						
							|  |  |  |         "CreateAccountStatus" | 
					
						
							|  |  |  |     ]["AccountId"] | 
					
						
							| 
									
										
										
										
											2019-05-25 02:20:19 -07:00
										 |  |  |     policy_id = client.create_policy( | 
					
						
							|  |  |  |         Content=json.dumps(policy_doc01), | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |         Description="A dummy service control policy", | 
					
						
							|  |  |  |         Name="MockServiceControlPolicy", | 
					
						
							|  |  |  |         Type="SERVICE_CONTROL_POLICY", | 
					
						
							|  |  |  |     )["Policy"]["PolicySummary"]["Id"] | 
					
						
							| 
									
										
										
										
											2019-05-25 02:20:19 -07:00
										 |  |  |     response = client.attach_policy(PolicyId=policy_id, TargetId=root_id) | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     response["ResponseMetadata"]["HTTPStatusCode"].should.equal(200) | 
					
						
							| 
									
										
										
										
											2019-05-25 02:20:19 -07:00
										 |  |  |     response = client.attach_policy(PolicyId=policy_id, TargetId=ou_id) | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     response["ResponseMetadata"]["HTTPStatusCode"].should.equal(200) | 
					
						
							| 
									
										
										
										
											2019-05-25 02:20:19 -07:00
										 |  |  |     response = client.attach_policy(PolicyId=policy_id, TargetId=account_id) | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     response["ResponseMetadata"]["HTTPStatusCode"].should.equal(200) | 
					
						
							| 
									
										
										
										
											2019-05-25 02:20:19 -07:00
										 |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | @mock_organizations | 
					
						
							|  |  |  | def test_attach_policy_exception(): | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     client = boto3.client("organizations", region_name="us-east-1") | 
					
						
							|  |  |  |     client.create_organization(FeatureSet="ALL")["Organization"] | 
					
						
							|  |  |  |     root_id = "r-dj873" | 
					
						
							|  |  |  |     ou_id = "ou-gi99-i7r8eh2i2" | 
					
						
							|  |  |  |     account_id = "126644886543" | 
					
						
							| 
									
										
										
										
											2019-05-25 02:20:19 -07:00
										 |  |  |     policy_id = client.create_policy( | 
					
						
							|  |  |  |         Content=json.dumps(policy_doc01), | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |         Description="A dummy service control policy", | 
					
						
							|  |  |  |         Name="MockServiceControlPolicy", | 
					
						
							|  |  |  |         Type="SERVICE_CONTROL_POLICY", | 
					
						
							|  |  |  |     )["Policy"]["PolicySummary"]["Id"] | 
					
						
							| 
									
										
										
										
											2019-05-25 02:20:19 -07:00
										 |  |  |     with assert_raises(ClientError) as e: | 
					
						
							|  |  |  |         response = client.attach_policy(PolicyId=policy_id, TargetId=root_id) | 
					
						
							|  |  |  |     ex = e.exception | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     ex.operation_name.should.equal("AttachPolicy") | 
					
						
							|  |  |  |     ex.response["Error"]["Code"].should.equal("400") | 
					
						
							|  |  |  |     ex.response["Error"]["Message"].should.contain( | 
					
						
							|  |  |  |         "OrganizationalUnitNotFoundException" | 
					
						
							|  |  |  |     ) | 
					
						
							| 
									
										
										
										
											2019-05-25 02:20:19 -07:00
										 |  |  |     with assert_raises(ClientError) as e: | 
					
						
							|  |  |  |         response = client.attach_policy(PolicyId=policy_id, TargetId=ou_id) | 
					
						
							|  |  |  |     ex = e.exception | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     ex.operation_name.should.equal("AttachPolicy") | 
					
						
							|  |  |  |     ex.response["Error"]["Code"].should.equal("400") | 
					
						
							|  |  |  |     ex.response["Error"]["Message"].should.contain( | 
					
						
							|  |  |  |         "OrganizationalUnitNotFoundException" | 
					
						
							|  |  |  |     ) | 
					
						
							| 
									
										
										
										
											2019-05-25 02:20:19 -07:00
										 |  |  |     with assert_raises(ClientError) as e: | 
					
						
							|  |  |  |         response = client.attach_policy(PolicyId=policy_id, TargetId=account_id) | 
					
						
							|  |  |  |     ex = e.exception | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     ex.operation_name.should.equal("AttachPolicy") | 
					
						
							|  |  |  |     ex.response["Error"]["Code"].should.equal("400") | 
					
						
							|  |  |  |     ex.response["Error"]["Message"].should.contain("AccountNotFoundException") | 
					
						
							| 
									
										
										
										
											2019-05-25 02:20:19 -07:00
										 |  |  |     with assert_raises(ClientError) as e: | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |         response = client.attach_policy( | 
					
						
							|  |  |  |             PolicyId=policy_id, TargetId="meaninglessstring" | 
					
						
							|  |  |  |         ) | 
					
						
							| 
									
										
										
										
											2019-05-25 02:20:19 -07:00
										 |  |  |     ex = e.exception | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     ex.operation_name.should.equal("AttachPolicy") | 
					
						
							|  |  |  |     ex.response["Error"]["Code"].should.equal("400") | 
					
						
							|  |  |  |     ex.response["Error"]["Message"].should.contain("InvalidInputException") | 
					
						
							| 
									
										
										
										
											2019-05-25 02:20:19 -07:00
										 |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | @mock_organizations | 
					
						
							|  |  |  | def test_list_polices(): | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     client = boto3.client("organizations", region_name="us-east-1") | 
					
						
							|  |  |  |     org = client.create_organization(FeatureSet="ALL")["Organization"] | 
					
						
							|  |  |  |     for i in range(0, 4): | 
					
						
							| 
									
										
										
										
											2019-05-25 02:20:19 -07:00
										 |  |  |         client.create_policy( | 
					
						
							|  |  |  |             Content=json.dumps(policy_doc01), | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |             Description="A dummy service control policy", | 
					
						
							|  |  |  |             Name="MockServiceControlPolicy" + str(i), | 
					
						
							|  |  |  |             Type="SERVICE_CONTROL_POLICY", | 
					
						
							| 
									
										
										
										
											2019-05-25 02:20:19 -07:00
										 |  |  |         ) | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     response = client.list_policies(Filter="SERVICE_CONTROL_POLICY") | 
					
						
							|  |  |  |     for policy in response["Policies"]: | 
					
						
							| 
									
										
										
										
											2019-05-25 02:20:19 -07:00
										 |  |  |         validate_policy_summary(org, policy) | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-05-25 02:20:19 -07:00
										 |  |  | 
 | 
					
						
							|  |  |  | @mock_organizations | 
					
						
							|  |  |  | def test_list_policies_for_target(): | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     client = boto3.client("organizations", region_name="us-east-1") | 
					
						
							|  |  |  |     org = client.create_organization(FeatureSet="ALL")["Organization"] | 
					
						
							|  |  |  |     root_id = client.list_roots()["Roots"][0]["Id"] | 
					
						
							|  |  |  |     ou_id = client.create_organizational_unit(ParentId=root_id, Name="ou01")[ | 
					
						
							|  |  |  |         "OrganizationalUnit" | 
					
						
							|  |  |  |     ]["Id"] | 
					
						
							|  |  |  |     account_id = client.create_account(AccountName=mockname, Email=mockemail)[ | 
					
						
							|  |  |  |         "CreateAccountStatus" | 
					
						
							|  |  |  |     ]["AccountId"] | 
					
						
							| 
									
										
										
										
											2019-05-25 02:20:19 -07:00
										 |  |  |     policy_id = client.create_policy( | 
					
						
							|  |  |  |         Content=json.dumps(policy_doc01), | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |         Description="A dummy service control policy", | 
					
						
							|  |  |  |         Name="MockServiceControlPolicy", | 
					
						
							|  |  |  |         Type="SERVICE_CONTROL_POLICY", | 
					
						
							|  |  |  |     )["Policy"]["PolicySummary"]["Id"] | 
					
						
							| 
									
										
										
										
											2019-05-25 02:20:19 -07:00
										 |  |  |     client.attach_policy(PolicyId=policy_id, TargetId=ou_id) | 
					
						
							|  |  |  |     response = client.list_policies_for_target( | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |         TargetId=ou_id, Filter="SERVICE_CONTROL_POLICY" | 
					
						
							| 
									
										
										
										
											2019-05-25 02:20:19 -07:00
										 |  |  |     ) | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     for policy in response["Policies"]: | 
					
						
							| 
									
										
										
										
											2019-05-25 02:20:19 -07:00
										 |  |  |         validate_policy_summary(org, policy) | 
					
						
							|  |  |  |     client.attach_policy(PolicyId=policy_id, TargetId=account_id) | 
					
						
							|  |  |  |     response = client.list_policies_for_target( | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |         TargetId=account_id, Filter="SERVICE_CONTROL_POLICY" | 
					
						
							| 
									
										
										
										
											2019-05-25 02:20:19 -07:00
										 |  |  |     ) | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     for policy in response["Policies"]: | 
					
						
							| 
									
										
										
										
											2019-05-25 02:20:19 -07:00
										 |  |  |         validate_policy_summary(org, policy) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | @mock_organizations | 
					
						
							|  |  |  | def test_list_policies_for_target_exception(): | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     client = boto3.client("organizations", region_name="us-east-1") | 
					
						
							|  |  |  |     client.create_organization(FeatureSet="ALL")["Organization"] | 
					
						
							|  |  |  |     ou_id = "ou-gi99-i7r8eh2i2" | 
					
						
							|  |  |  |     account_id = "126644886543" | 
					
						
							| 
									
										
										
										
											2019-05-25 02:20:19 -07:00
										 |  |  |     with assert_raises(ClientError) as e: | 
					
						
							|  |  |  |         response = client.list_policies_for_target( | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |             TargetId=ou_id, Filter="SERVICE_CONTROL_POLICY" | 
					
						
							| 
									
										
										
										
											2019-05-25 02:20:19 -07:00
										 |  |  |         ) | 
					
						
							|  |  |  |     ex = e.exception | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     ex.operation_name.should.equal("ListPoliciesForTarget") | 
					
						
							|  |  |  |     ex.response["Error"]["Code"].should.equal("400") | 
					
						
							|  |  |  |     ex.response["Error"]["Message"].should.contain( | 
					
						
							|  |  |  |         "OrganizationalUnitNotFoundException" | 
					
						
							|  |  |  |     ) | 
					
						
							| 
									
										
										
										
											2019-05-25 02:20:19 -07:00
										 |  |  |     with assert_raises(ClientError) as e: | 
					
						
							|  |  |  |         response = client.list_policies_for_target( | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |             TargetId=account_id, Filter="SERVICE_CONTROL_POLICY" | 
					
						
							| 
									
										
										
										
											2019-05-25 02:20:19 -07:00
										 |  |  |         ) | 
					
						
							|  |  |  |     ex = e.exception | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     ex.operation_name.should.equal("ListPoliciesForTarget") | 
					
						
							|  |  |  |     ex.response["Error"]["Code"].should.equal("400") | 
					
						
							|  |  |  |     ex.response["Error"]["Message"].should.contain("AccountNotFoundException") | 
					
						
							| 
									
										
										
										
											2019-05-25 02:20:19 -07:00
										 |  |  |     with assert_raises(ClientError) as e: | 
					
						
							|  |  |  |         response = client.list_policies_for_target( | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |             TargetId="meaninglessstring", Filter="SERVICE_CONTROL_POLICY" | 
					
						
							| 
									
										
										
										
											2019-05-25 02:20:19 -07:00
										 |  |  |         ) | 
					
						
							|  |  |  |     ex = e.exception | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     ex.operation_name.should.equal("ListPoliciesForTarget") | 
					
						
							|  |  |  |     ex.response["Error"]["Code"].should.equal("400") | 
					
						
							|  |  |  |     ex.response["Error"]["Message"].should.contain("InvalidInputException") | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-05-25 02:20:19 -07:00
										 |  |  | 
 | 
					
						
							|  |  |  | @mock_organizations | 
					
						
							|  |  |  | def test_list_targets_for_policy(): | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     client = boto3.client("organizations", region_name="us-east-1") | 
					
						
							|  |  |  |     org = client.create_organization(FeatureSet="ALL")["Organization"] | 
					
						
							|  |  |  |     root_id = client.list_roots()["Roots"][0]["Id"] | 
					
						
							|  |  |  |     ou_id = client.create_organizational_unit(ParentId=root_id, Name="ou01")[ | 
					
						
							|  |  |  |         "OrganizationalUnit" | 
					
						
							|  |  |  |     ]["Id"] | 
					
						
							|  |  |  |     account_id = client.create_account(AccountName=mockname, Email=mockemail)[ | 
					
						
							|  |  |  |         "CreateAccountStatus" | 
					
						
							|  |  |  |     ]["AccountId"] | 
					
						
							| 
									
										
										
										
											2019-05-25 02:20:19 -07:00
										 |  |  |     policy_id = client.create_policy( | 
					
						
							|  |  |  |         Content=json.dumps(policy_doc01), | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |         Description="A dummy service control policy", | 
					
						
							|  |  |  |         Name="MockServiceControlPolicy", | 
					
						
							|  |  |  |         Type="SERVICE_CONTROL_POLICY", | 
					
						
							|  |  |  |     )["Policy"]["PolicySummary"]["Id"] | 
					
						
							| 
									
										
										
										
											2019-05-25 02:20:19 -07:00
										 |  |  |     client.attach_policy(PolicyId=policy_id, TargetId=root_id) | 
					
						
							|  |  |  |     client.attach_policy(PolicyId=policy_id, TargetId=ou_id) | 
					
						
							|  |  |  |     client.attach_policy(PolicyId=policy_id, TargetId=account_id) | 
					
						
							|  |  |  |     response = client.list_targets_for_policy(PolicyId=policy_id) | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     for target in response["Targets"]: | 
					
						
							| 
									
										
										
										
											2019-05-25 02:20:19 -07:00
										 |  |  |         target.should.be.a(dict) | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |         target.should.have.key("Name").should.be.a(six.string_types) | 
					
						
							|  |  |  |         target.should.have.key("Arn").should.be.a(six.string_types) | 
					
						
							|  |  |  |         target.should.have.key("TargetId").should.be.a(six.string_types) | 
					
						
							|  |  |  |         target.should.have.key("Type").should.be.within( | 
					
						
							|  |  |  |             ["ROOT", "ORGANIZATIONAL_UNIT", "ACCOUNT"] | 
					
						
							| 
									
										
										
										
											2019-05-25 02:20:19 -07:00
										 |  |  |         ) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | @mock_organizations | 
					
						
							|  |  |  | def test_list_targets_for_policy_exception(): | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     client = boto3.client("organizations", region_name="us-east-1") | 
					
						
							|  |  |  |     client.create_organization(FeatureSet="ALL")["Organization"] | 
					
						
							|  |  |  |     policy_id = "p-47fhe9s3" | 
					
						
							| 
									
										
										
										
											2019-05-25 02:20:19 -07:00
										 |  |  |     with assert_raises(ClientError) as e: | 
					
						
							|  |  |  |         response = client.list_targets_for_policy(PolicyId=policy_id) | 
					
						
							|  |  |  |     ex = e.exception | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     ex.operation_name.should.equal("ListTargetsForPolicy") | 
					
						
							|  |  |  |     ex.response["Error"]["Code"].should.equal("400") | 
					
						
							|  |  |  |     ex.response["Error"]["Message"].should.contain("PolicyNotFoundException") | 
					
						
							| 
									
										
										
										
											2019-05-25 02:20:19 -07:00
										 |  |  |     with assert_raises(ClientError) as e: | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |         response = client.list_targets_for_policy(PolicyId="meaninglessstring") | 
					
						
							| 
									
										
										
										
											2019-05-25 02:20:19 -07:00
										 |  |  |     ex = e.exception | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     ex.operation_name.should.equal("ListTargetsForPolicy") | 
					
						
							|  |  |  |     ex.response["Error"]["Code"].should.equal("400") | 
					
						
							|  |  |  |     ex.response["Error"]["Message"].should.contain("InvalidInputException") | 
					
						
							| 
									
										
										
										
											2019-11-17 14:52:57 +01:00
										 |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | @mock_organizations | 
					
						
							|  |  |  | def test_tag_resource(): | 
					
						
							|  |  |  |     client = boto3.client("organizations", region_name="us-east-1") | 
					
						
							|  |  |  |     client.create_organization(FeatureSet="ALL") | 
					
						
							|  |  |  |     account_id = client.create_account(AccountName=mockname, Email=mockemail)[ | 
					
						
							|  |  |  |         "CreateAccountStatus" | 
					
						
							|  |  |  |     ]["AccountId"] | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     client.tag_resource(ResourceId=account_id, Tags=[{"Key": "key", "Value": "value"}]) | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-11-17 15:10:38 +01:00
										 |  |  |     response = client.list_tags_for_resource(ResourceId=account_id) | 
					
						
							|  |  |  |     response["Tags"].should.equal([{"Key": "key", "Value": "value"}]) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     # adding a tag with an existing key, will update the value | 
					
						
							|  |  |  |     client.tag_resource( | 
					
						
							|  |  |  |         ResourceId=account_id, Tags=[{"Key": "key", "Value": "new-value"}] | 
					
						
							|  |  |  |     ) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     response = client.list_tags_for_resource(ResourceId=account_id) | 
					
						
							|  |  |  |     response["Tags"].should.equal([{"Key": "key", "Value": "new-value"}]) | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-11-17 14:52:57 +01:00
										 |  |  | 
 | 
					
						
							|  |  |  | @mock_organizations | 
					
						
							|  |  |  | def test_tag_resource_errors(): | 
					
						
							|  |  |  |     client = boto3.client("organizations", region_name="us-east-1") | 
					
						
							|  |  |  |     client.create_organization(FeatureSet="ALL") | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     with assert_raises(ClientError) as e: | 
					
						
							|  |  |  |         client.tag_resource( | 
					
						
							|  |  |  |             ResourceId="000000000000", Tags=[{"Key": "key", "Value": "value"},] | 
					
						
							|  |  |  |         ) | 
					
						
							|  |  |  |     ex = e.exception | 
					
						
							|  |  |  |     ex.operation_name.should.equal("TagResource") | 
					
						
							| 
									
										
										
										
											2019-11-21 22:03:25 +01:00
										 |  |  |     ex.response["ResponseMetadata"]["HTTPStatusCode"].should.equal(400) | 
					
						
							|  |  |  |     ex.response["Error"]["Code"].should.contain("InvalidInputException") | 
					
						
							|  |  |  |     ex.response["Error"]["Message"].should.equal( | 
					
						
							| 
									
										
										
										
											2019-11-17 14:52:57 +01:00
										 |  |  |         "You provided a value that does not match the required pattern." | 
					
						
							|  |  |  |     ) | 
					
						
							| 
									
										
										
										
											2019-11-17 15:10:38 +01:00
										 |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | @mock_organizations | 
					
						
							|  |  |  | def test_list_tags_for_resource(): | 
					
						
							|  |  |  |     client = boto3.client("organizations", region_name="us-east-1") | 
					
						
							|  |  |  |     client.create_organization(FeatureSet="ALL") | 
					
						
							|  |  |  |     account_id = client.create_account(AccountName=mockname, Email=mockemail)[ | 
					
						
							|  |  |  |         "CreateAccountStatus" | 
					
						
							|  |  |  |     ]["AccountId"] | 
					
						
							|  |  |  |     client.tag_resource(ResourceId=account_id, Tags=[{"Key": "key", "Value": "value"}]) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     response = client.list_tags_for_resource(ResourceId=account_id) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     response["Tags"].should.equal([{"Key": "key", "Value": "value"}]) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | @mock_organizations | 
					
						
							|  |  |  | def test_list_tags_for_resource_errors(): | 
					
						
							|  |  |  |     client = boto3.client("organizations", region_name="us-east-1") | 
					
						
							|  |  |  |     client.create_organization(FeatureSet="ALL") | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     with assert_raises(ClientError) as e: | 
					
						
							|  |  |  |         client.list_tags_for_resource(ResourceId="000000000000") | 
					
						
							|  |  |  |     ex = e.exception | 
					
						
							|  |  |  |     ex.operation_name.should.equal("ListTagsForResource") | 
					
						
							| 
									
										
										
										
											2019-11-21 22:03:25 +01:00
										 |  |  |     ex.response["ResponseMetadata"]["HTTPStatusCode"].should.equal(400) | 
					
						
							|  |  |  |     ex.response["Error"]["Code"].should.contain("InvalidInputException") | 
					
						
							|  |  |  |     ex.response["Error"]["Message"].should.equal( | 
					
						
							| 
									
										
										
										
											2019-11-17 15:10:38 +01:00
										 |  |  |         "You provided a value that does not match the required pattern." | 
					
						
							|  |  |  |     ) | 
					
						
							| 
									
										
										
										
											2019-11-17 15:28:38 +01:00
										 |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | @mock_organizations | 
					
						
							|  |  |  | def test_untag_resource(): | 
					
						
							|  |  |  |     client = boto3.client("organizations", region_name="us-east-1") | 
					
						
							|  |  |  |     client.create_organization(FeatureSet="ALL") | 
					
						
							|  |  |  |     account_id = client.create_account(AccountName=mockname, Email=mockemail)[ | 
					
						
							|  |  |  |         "CreateAccountStatus" | 
					
						
							|  |  |  |     ]["AccountId"] | 
					
						
							|  |  |  |     client.tag_resource(ResourceId=account_id, Tags=[{"Key": "key", "Value": "value"}]) | 
					
						
							|  |  |  |     response = client.list_tags_for_resource(ResourceId=account_id) | 
					
						
							|  |  |  |     response["Tags"].should.equal([{"Key": "key", "Value": "value"}]) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     # removing a non existing tag should not raise any error | 
					
						
							|  |  |  |     client.untag_resource(ResourceId=account_id, TagKeys=["not-existing"]) | 
					
						
							|  |  |  |     response = client.list_tags_for_resource(ResourceId=account_id) | 
					
						
							|  |  |  |     response["Tags"].should.equal([{"Key": "key", "Value": "value"}]) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     client.untag_resource(ResourceId=account_id, TagKeys=["key"]) | 
					
						
							|  |  |  |     response = client.list_tags_for_resource(ResourceId=account_id) | 
					
						
							|  |  |  |     response["Tags"].should.have.length_of(0) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | @mock_organizations | 
					
						
							|  |  |  | def test_untag_resource_errors(): | 
					
						
							|  |  |  |     client = boto3.client("organizations", region_name="us-east-1") | 
					
						
							|  |  |  |     client.create_organization(FeatureSet="ALL") | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     with assert_raises(ClientError) as e: | 
					
						
							|  |  |  |         client.untag_resource(ResourceId="000000000000", TagKeys=["key"]) | 
					
						
							|  |  |  |     ex = e.exception | 
					
						
							|  |  |  |     ex.operation_name.should.equal("UntagResource") | 
					
						
							| 
									
										
										
										
											2019-11-21 22:03:25 +01:00
										 |  |  |     ex.response["ResponseMetadata"]["HTTPStatusCode"].should.equal(400) | 
					
						
							|  |  |  |     ex.response["Error"]["Code"].should.contain("InvalidInputException") | 
					
						
							|  |  |  |     ex.response["Error"]["Message"].should.equal( | 
					
						
							| 
									
										
										
										
											2019-11-17 15:28:38 +01:00
										 |  |  |         "You provided a value that does not match the required pattern." | 
					
						
							|  |  |  |     ) |