Merge pull request #1727 from ashleygould/organizations_support

Organizations support

IMPLEMENTATION_COVERAGE.md

@@ -3092,23 +3092,23 @@
 - [ ] update_server
 - [ ] update_server_engine_attributes
 
-## organizations - 0% implemented
+## organizations - 30% implemented
 - [ ] accept_handshake
 - [ ] attach_policy
 - [ ] cancel_handshake
-- [ ] create_account
-- [ ] create_organization
-- [ ] create_organizational_unit
+- [X] create_account
+- [X] create_organization
+- [X] create_organizational_unit
 - [ ] create_policy
 - [ ] decline_handshake
 - [ ] delete_organization
 - [ ] delete_organizational_unit
 - [ ] delete_policy
-- [ ] describe_account
+- [X] describe_account
 - [ ] describe_create_account_status
 - [ ] describe_handshake
-- [ ] describe_organization
-- [ ] describe_organizational_unit
+- [X] describe_organization
+- [X] describe_organizational_unit
 - [ ] describe_policy
 - [ ] detach_policy
 - [ ] disable_aws_service_access
@@ -3118,20 +3118,20 @@
 - [ ] enable_policy_type
 - [ ] invite_account_to_organization
 - [ ] leave_organization
-- [ ] list_accounts
-- [ ] list_accounts_for_parent
+- [X] list_accounts
+- [X] list_accounts_for_parent
 - [ ] list_aws_service_access_for_organization
-- [ ] list_children
+- [X] list_children
 - [ ] list_create_account_status
 - [ ] list_handshakes_for_account
 - [ ] list_handshakes_for_organization
-- [ ] list_organizational_units_for_parent
-- [ ] list_parents
+- [X] list_organizational_units_for_parent
+- [X] list_parents
 - [ ] list_policies
 - [ ] list_policies_for_target
-- [ ] list_roots
+- [X] list_roots
 - [ ] list_targets_for_policy
-- [ ] move_account
+- [X] move_account
 - [ ] remove_account_from_organization
 - [ ] update_organizational_unit
 - [ ] update_policy

README.md

@@ -112,6 +112,8 @@ It gets even better! Moto isn't just for Python code and it isn't just for S3. L
 |------------------------------------------------------------------------------|
 | KMS                   | @mock_kms        | basic endpoints done              |
 |------------------------------------------------------------------------------|
+| Organizations         | @mock_organizations | some core endpoints done       |
+|------------------------------------------------------------------------------|
 | Polly                 | @mock_polly      | all endpoints done                |
 |------------------------------------------------------------------------------|
 | RDS                   | @mock_rds        | core endpoints done               |

moto/__init__.py

@@ -28,6 +28,7 @@ from .glue import mock_glue  # flake8: noqa
 from .iam import mock_iam, mock_iam_deprecated  # flake8: noqa
 from .kinesis import mock_kinesis, mock_kinesis_deprecated  # flake8: noqa
 from .kms import mock_kms, mock_kms_deprecated  # flake8: noqa
+from .organizations import mock_organizations  # flake8: noqa
 from .opsworks import mock_opsworks, mock_opsworks_deprecated  # flake8: noqa
 from .polly import mock_polly  # flake8: noqa
 from .rds import mock_rds, mock_rds_deprecated  # flake8: noqa

moto/backends.py

@@ -27,6 +27,7 @@ from moto.kinesis import kinesis_backends
 from moto.kms import kms_backends
 from moto.logs import logs_backends
 from moto.opsworks import opsworks_backends
+from moto.organizations import organizations_backends
 from moto.polly import polly_backends
 from moto.rds2 import rds2_backends
 from moto.redshift import redshift_backends
@@ -74,6 +75,7 @@ BACKENDS = {
     'kinesis': kinesis_backends,
     'kms': kms_backends,
     'opsworks': opsworks_backends,
+    'organizations': organizations_backends,
     'polly': polly_backends,
     'redshift': redshift_backends,
     'rds': rds2_backends,

moto/organizations/__init__.py

@@ -0,0 +1,6 @@
+from __future__ import unicode_literals
+from .models import organizations_backend
+from ..core.models import base_decorator
+
+organizations_backends = {"global": organizations_backend}
+mock_organizations = base_decorator(organizations_backends)

moto/organizations/models.py

@@ -0,0 +1,296 @@
+from __future__ import unicode_literals
+
+import datetime
+import re
+
+from moto.core import BaseBackend, BaseModel
+from moto.core.exceptions import RESTError
+from moto.core.utils import unix_time
+from moto.organizations import utils
+
+
+class FakeOrganization(BaseModel):
+
+    def __init__(self, feature_set):
+        self.id = utils.make_random_org_id()
+        self.root_id = utils.make_random_root_id()
+        self.feature_set = feature_set
+        self.master_account_id = utils.MASTER_ACCOUNT_ID
+        self.master_account_email = utils.MASTER_ACCOUNT_EMAIL
+        self.available_policy_types = [{
+            'Type': 'SERVICE_CONTROL_POLICY',
+            'Status': 'ENABLED'
+        }]
+
+    @property
+    def arn(self):
+        return utils.ORGANIZATION_ARN_FORMAT.format(self.master_account_id, self.id)
+
+    @property
+    def master_account_arn(self):
+        return utils.MASTER_ACCOUNT_ARN_FORMAT.format(self.master_account_id, self.id)
+
+    def describe(self):
+        return {
+            'Organization': {
+                'Id': self.id,
+                'Arn': self.arn,
+                'FeatureSet': self.feature_set,
+                'MasterAccountArn': self.master_account_arn,
+                'MasterAccountId': self.master_account_id,
+                'MasterAccountEmail': self.master_account_email,
+                'AvailablePolicyTypes': self.available_policy_types,
+            }
+        }
+
+
+class FakeAccount(BaseModel):
+
+    def __init__(self, organization, **kwargs):
+        self.organization_id = organization.id
+        self.master_account_id = organization.master_account_id
+        self.create_account_status_id = utils.make_random_create_account_status_id()
+        self.id = utils.make_random_account_id()
+        self.name = kwargs['AccountName']
+        self.email = kwargs['Email']
+        self.create_time = datetime.datetime.utcnow()
+        self.status = 'ACTIVE'
+        self.joined_method = 'CREATED'
+        self.parent_id = organization.root_id
+
+    @property
+    def arn(self):
+        return utils.ACCOUNT_ARN_FORMAT.format(
+            self.master_account_id,
+            self.organization_id,
+            self.id
+        )
+
+    @property
+    def create_account_status(self):
+        return {
+            'CreateAccountStatus': {
+                'Id': self.create_account_status_id,
+                'AccountName': self.name,
+                'State': 'SUCCEEDED',
+                'RequestedTimestamp': unix_time(self.create_time),
+                'CompletedTimestamp': unix_time(self.create_time),
+                'AccountId': self.id,
+            }
+        }
+
+    def describe(self):
+        return {
+            'Account': {
+                'Id': self.id,
+                'Arn': self.arn,
+                'Email': self.email,
+                'Name': self.name,
+                'Status': self.status,
+                'JoinedMethod': self.joined_method,
+                'JoinedTimestamp': unix_time(self.create_time),
+            }
+        }
+
+
+class FakeOrganizationalUnit(BaseModel):
+
+    def __init__(self, organization, **kwargs):
+        self.type = 'ORGANIZATIONAL_UNIT'
+        self.organization_id = organization.id
+        self.master_account_id = organization.master_account_id
+        self.id = utils.make_random_ou_id(organization.root_id)
+        self.name = kwargs.get('Name')
+        self.parent_id = kwargs.get('ParentId')
+        self._arn_format = utils.OU_ARN_FORMAT
+
+    @property
+    def arn(self):
+        return self._arn_format.format(
+            self.master_account_id,
+            self.organization_id,
+            self.id
+        )
+
+    def describe(self):
+        return {
+            'OrganizationalUnit': {
+                'Id': self.id,
+                'Arn': self.arn,
+                'Name': self.name,
+            }
+        }
+
+
+class FakeRoot(FakeOrganizationalUnit):
+
+    def __init__(self, organization, **kwargs):
+        super(FakeRoot, self).__init__(organization, **kwargs)
+        self.type = 'ROOT'
+        self.id = organization.root_id
+        self.name = 'Root'
+        self.policy_types = [{
+            'Type': 'SERVICE_CONTROL_POLICY',
+            'Status': 'ENABLED'
+        }]
+        self._arn_format = utils.ROOT_ARN_FORMAT
+
+    def describe(self):
+        return {
+            'Id': self.id,
+            'Arn': self.arn,
+            'Name': self.name,
+            'PolicyTypes': self.policy_types
+        }
+
+
+class OrganizationsBackend(BaseBackend):
+
+    def __init__(self):
+        self.org = None
+        self.accounts = []
+        self.ou = []
+
+    def create_organization(self, **kwargs):
+        self.org = FakeOrganization(kwargs['FeatureSet'])
+        self.ou.append(FakeRoot(self.org))
+        return self.org.describe()
+
+    def describe_organization(self):
+        if not self.org:
+            raise RESTError(
+                'AWSOrganizationsNotInUseException',
+                "Your account is not a member of an organization."
+            )
+        return self.org.describe()
+
+    def list_roots(self):
+        return dict(
+            Roots=[ou.describe() for ou in self.ou if isinstance(ou, FakeRoot)]
+        )
+
+    def create_organizational_unit(self, **kwargs):
+        new_ou = FakeOrganizationalUnit(self.org, **kwargs)
+        self.ou.append(new_ou)
+        return new_ou.describe()
+
+    def get_organizational_unit_by_id(self, ou_id):
+        ou = next((ou for ou in self.ou if ou.id == ou_id), None)
+        if ou is None:
+            raise RESTError(
+                'OrganizationalUnitNotFoundException',
+                "You specified an organizational unit that doesn't exist."
+            )
+        return ou
+
+    def validate_parent_id(self, parent_id):
+        try:
+            self.get_organizational_unit_by_id(parent_id)
+        except RESTError:
+            raise RESTError(
+                'ParentNotFoundException',
+                "You specified parent that doesn't exist."
+            )
+        return parent_id
+
+    def describe_organizational_unit(self, **kwargs):
+        ou = self.get_organizational_unit_by_id(kwargs['OrganizationalUnitId'])
+        return ou.describe()
+
+    def list_organizational_units_for_parent(self, **kwargs):
+        parent_id = self.validate_parent_id(kwargs['ParentId'])
+        return dict(
+            OrganizationalUnits=[
+                {
+                    'Id': ou.id,
+                    'Arn': ou.arn,
+                    'Name': ou.name,
+                }
+                for ou in self.ou
+                if ou.parent_id == parent_id
+            ]
+        )
+
+    def create_account(self, **kwargs):
+        new_account = FakeAccount(self.org, **kwargs)
+        self.accounts.append(new_account)
+        return new_account.create_account_status
+
+    def get_account_by_id(self, account_id):
+        account = next((
+            account for account in self.accounts
+            if account.id == account_id
+        ), None)
+        if account is None:
+            raise RESTError(
+                'AccountNotFoundException',
+                "You specified an account that doesn't exist."
+            )
+        return account
+
+    def describe_account(self, **kwargs):
+        account = self.get_account_by_id(kwargs['AccountId'])
+        return account.describe()
+
+    def list_accounts(self):
+        return dict(
+            Accounts=[account.describe()['Account'] for account in self.accounts]
+        )
+
+    def list_accounts_for_parent(self, **kwargs):
+        parent_id = self.validate_parent_id(kwargs['ParentId'])
+        return dict(
+            Accounts=[
+                account.describe()['Account']
+                for account in self.accounts
+                if account.parent_id == parent_id
+            ]
+        )
+
+    def move_account(self, **kwargs):
+        new_parent_id = self.validate_parent_id(kwargs['DestinationParentId'])
+        self.validate_parent_id(kwargs['SourceParentId'])
+        account = self.get_account_by_id(kwargs['AccountId'])
+        index = self.accounts.index(account)
+        self.accounts[index].parent_id = new_parent_id
+
+    def list_parents(self, **kwargs):
+        if re.compile(r'[0-9]{12}').match(kwargs['ChildId']):
+            child_object = self.get_account_by_id(kwargs['ChildId'])
+        else:
+            child_object = self.get_organizational_unit_by_id(kwargs['ChildId'])
+        return dict(
+            Parents=[
+                {
+                    'Id': ou.id,
+                    'Type': ou.type,
+                }
+                for ou in self.ou
+                if ou.id == child_object.parent_id
+            ]
+        )
+
+    def list_children(self, **kwargs):
+        parent_id = self.validate_parent_id(kwargs['ParentId'])
+        if kwargs['ChildType'] == 'ACCOUNT':
+            obj_list = self.accounts
+        elif kwargs['ChildType'] == 'ORGANIZATIONAL_UNIT':
+            obj_list = self.ou
+        else:
+            raise RESTError(
+                'InvalidInputException',
+                'You specified an invalid value.'
+            )
+        return dict(
+            Children=[
+                {
+                    'Id': obj.id,
+                    'Type': kwargs['ChildType'],
+                }
+                for obj in obj_list
+                if obj.parent_id == parent_id
+            ]
+        )
+
+
+organizations_backend = OrganizationsBackend()

moto/organizations/responses.py

@@ -0,0 +1,87 @@
+from __future__ import unicode_literals
+import json
+
+from moto.core.responses import BaseResponse
+from .models import organizations_backend
+
+
+class OrganizationsResponse(BaseResponse):
+
+    @property
+    def organizations_backend(self):
+        return organizations_backend
+
+    @property
+    def request_params(self):
+        try:
+            return json.loads(self.body)
+        except ValueError:
+            return {}
+
+    def _get_param(self, param, default=None):
+        return self.request_params.get(param, default)
+
+    def create_organization(self):
+        return json.dumps(
+            self.organizations_backend.create_organization(**self.request_params)
+        )
+
+    def describe_organization(self):
+        return json.dumps(
+            self.organizations_backend.describe_organization()
+        )
+
+    def list_roots(self):
+        return json.dumps(
+            self.organizations_backend.list_roots()
+        )
+
+    def create_organizational_unit(self):
+        return json.dumps(
+            self.organizations_backend.create_organizational_unit(**self.request_params)
+        )
+
+    def describe_organizational_unit(self):
+        return json.dumps(
+            self.organizations_backend.describe_organizational_unit(**self.request_params)
+        )
+
+    def list_organizational_units_for_parent(self):
+        return json.dumps(
+            self.organizations_backend.list_organizational_units_for_parent(**self.request_params)
+        )
+
+    def list_parents(self):
+        return json.dumps(
+            self.organizations_backend.list_parents(**self.request_params)
+        )
+
+    def create_account(self):
+        return json.dumps(
+            self.organizations_backend.create_account(**self.request_params)
+        )
+
+    def describe_account(self):
+        return json.dumps(
+            self.organizations_backend.describe_account(**self.request_params)
+        )
+
+    def list_accounts(self):
+        return json.dumps(
+            self.organizations_backend.list_accounts()
+        )
+
+    def list_accounts_for_parent(self):
+        return json.dumps(
+            self.organizations_backend.list_accounts_for_parent(**self.request_params)
+        )
+
+    def move_account(self):
+        return json.dumps(
+            self.organizations_backend.move_account(**self.request_params)
+        )
+
+    def list_children(self):
+        return json.dumps(
+            self.organizations_backend.list_children(**self.request_params)
+        )

moto/organizations/urls.py

@@ -0,0 +1,10 @@
+from __future__ import unicode_literals
+from .responses import OrganizationsResponse
+
+url_bases = [
+    "https?://organizations.(.+).amazonaws.com",
+]
+
+url_paths = {
+    '{0}/$': OrganizationsResponse.dispatch,
+}

moto/organizations/utils.py

@@ -0,0 +1,59 @@
+from __future__ import unicode_literals
+
+import random
+import string
+
+MASTER_ACCOUNT_ID = '123456789012'
+MASTER_ACCOUNT_EMAIL = 'fakeorg@moto-example.com'
+ORGANIZATION_ARN_FORMAT = 'arn:aws:organizations::{0}:organization/{1}'
+MASTER_ACCOUNT_ARN_FORMAT = 'arn:aws:organizations::{0}:account/{1}/{0}'
+ACCOUNT_ARN_FORMAT = 'arn:aws:organizations::{0}:account/{1}/{2}'
+ROOT_ARN_FORMAT = 'arn:aws:organizations::{0}:root/{1}/{2}'
+OU_ARN_FORMAT = 'arn:aws:organizations::{0}:ou/{1}/{2}'
+
+CHARSET = string.ascii_lowercase + string.digits
+ORG_ID_SIZE = 10
+ROOT_ID_SIZE = 4
+ACCOUNT_ID_SIZE = 12
+OU_ID_SUFFIX_SIZE = 8
+CREATE_ACCOUNT_STATUS_ID_SIZE = 8
+
+
+def make_random_org_id():
+    # The regex pattern for an organization ID string requires "o-"
+    # followed by from 10 to 32 lower-case letters or digits.
+    # e.g. 'o-vipjnq5z86'
+    return 'o-' + ''.join(random.choice(CHARSET) for x in range(ORG_ID_SIZE))
+
+
+def make_random_root_id():
+    # The regex pattern for a root ID string requires "r-" followed by
+    # from 4 to 32 lower-case letters or digits.
+    # e.g. 'r-3zwx'
+    return 'r-' + ''.join(random.choice(CHARSET) for x in range(ROOT_ID_SIZE))
+
+
+def make_random_ou_id(root_id):
+    # The regex pattern for an organizational unit ID string requires "ou-"
+    # followed by from 4 to 32 lower-case letters or digits (the ID of the root
+    # that contains the OU) followed by a second "-" dash and from 8 to 32
+    # additional lower-case letters or digits.
+    # e.g. ou-g8sd-5oe3bjaw
+    return '-'.join([
+        'ou',
+        root_id.partition('-')[2],
+        ''.join(random.choice(CHARSET) for x in range(OU_ID_SUFFIX_SIZE)),
+    ])
+
+
+def make_random_account_id():
+    # The regex pattern for an account ID string requires exactly 12 digits.
+    # e.g. '488633172133'
+    return ''.join([random.choice(string.digits) for n in range(ACCOUNT_ID_SIZE)])
+
+
+def make_random_create_account_status_id():
+    # The regex pattern for an create account request ID string requires
+    # "car-" followed by from 8 to 32 lower-case letters or digits.
+    # e.g. 'car-35gxzwrp'
+    return 'car-' + ''.join(random.choice(CHARSET) for x in range(CREATE_ACCOUNT_STATUS_ID_SIZE))

tests/test_organizations/organizations_test_utils.py

@@ -0,0 +1,136 @@
+from __future__ import unicode_literals
+
+import six
+import sure   # noqa
+import datetime
+from moto.organizations import utils
+
+EMAIL_REGEX = "^.+@[a-zA-Z0-9-.]+.[a-zA-Z]{2,3}|[0-9]{1,3}$"
+ORG_ID_REGEX = r'o-[a-z0-9]{%s}' % utils.ORG_ID_SIZE
+ROOT_ID_REGEX = r'r-[a-z0-9]{%s}' % utils.ROOT_ID_SIZE
+OU_ID_REGEX = r'ou-[a-z0-9]{%s}-[a-z0-9]{%s}' % (utils.ROOT_ID_SIZE, utils.OU_ID_SUFFIX_SIZE)
+ACCOUNT_ID_REGEX = r'[0-9]{%s}' % utils.ACCOUNT_ID_SIZE
+CREATE_ACCOUNT_STATUS_ID_REGEX = r'car-[a-z0-9]{%s}' % utils.CREATE_ACCOUNT_STATUS_ID_SIZE
+
+
+def test_make_random_org_id():
+    org_id = utils.make_random_org_id()
+    org_id.should.match(ORG_ID_REGEX)
+
+
+def test_make_random_root_id():
+    root_id = utils.make_random_root_id()
+    root_id.should.match(ROOT_ID_REGEX)
+
+
+def test_make_random_ou_id():
+    root_id = utils.make_random_root_id()
+    ou_id = utils.make_random_ou_id(root_id)
+    ou_id.should.match(OU_ID_REGEX)
+
+
+def test_make_random_account_id():
+    account_id = utils.make_random_account_id()
+    account_id.should.match(ACCOUNT_ID_REGEX)
+
+
+def test_make_random_create_account_status_id():
+    create_account_status_id = utils.make_random_create_account_status_id()
+    create_account_status_id.should.match(CREATE_ACCOUNT_STATUS_ID_REGEX)
+
+
+def validate_organization(response):
+    org = response['Organization']
+    sorted(org.keys()).should.equal([
+        'Arn',
+        'AvailablePolicyTypes',
+        'FeatureSet',
+        'Id',
+        'MasterAccountArn',
+        'MasterAccountEmail',
+        'MasterAccountId',
+    ])
+    org['Id'].should.match(ORG_ID_REGEX)
+    org['MasterAccountId'].should.equal(utils.MASTER_ACCOUNT_ID)
+    org['MasterAccountArn'].should.equal(utils.MASTER_ACCOUNT_ARN_FORMAT.format(
+        org['MasterAccountId'],
+        org['Id'],
+    ))
+    org['Arn'].should.equal(utils.ORGANIZATION_ARN_FORMAT.format(
+        org['MasterAccountId'],
+        org['Id'],
+    ))
+    org['MasterAccountEmail'].should.equal(utils.MASTER_ACCOUNT_EMAIL)
+    org['FeatureSet'].should.be.within(['ALL', 'CONSOLIDATED_BILLING'])
+    org['AvailablePolicyTypes'].should.equal([{
+        'Type': 'SERVICE_CONTROL_POLICY',
+        'Status': 'ENABLED'
+    }])
+
+
+def validate_roots(org, response):
+    response.should.have.key('Roots').should.be.a(list)
+    response['Roots'].should_not.be.empty
+    root = response['Roots'][0]
+    root.should.have.key('Id').should.match(ROOT_ID_REGEX)
+    root.should.have.key('Arn').should.equal(utils.ROOT_ARN_FORMAT.format(
+        org['MasterAccountId'],
+        org['Id'],
+        root['Id'],
+    ))
+    root.should.have.key('Name').should.be.a(six.string_types)
+    root.should.have.key('PolicyTypes').should.be.a(list)
+    root['PolicyTypes'][0].should.have.key('Type').should.equal('SERVICE_CONTROL_POLICY')
+    root['PolicyTypes'][0].should.have.key('Status').should.equal('ENABLED')
+
+
+def validate_organizational_unit(org, response):
+    response.should.have.key('OrganizationalUnit').should.be.a(dict)
+    ou = response['OrganizationalUnit']
+    ou.should.have.key('Id').should.match(OU_ID_REGEX)
+    ou.should.have.key('Arn').should.equal(utils.OU_ARN_FORMAT.format(
+        org['MasterAccountId'],
+        org['Id'],
+        ou['Id'],
+    ))
+    ou.should.have.key('Name').should.be.a(six.string_types)
+
+
+def validate_account(org, account):
+    sorted(account.keys()).should.equal([
+        'Arn',
+        'Email',
+        'Id',
+        'JoinedMethod',
+        'JoinedTimestamp',
+        'Name',
+        'Status',
+    ])
+    account['Id'].should.match(ACCOUNT_ID_REGEX)
+    account['Arn'].should.equal(utils.ACCOUNT_ARN_FORMAT.format(
+        org['MasterAccountId'],
+        org['Id'],
+        account['Id'],
+    ))
+    account['Email'].should.match(EMAIL_REGEX)
+    account['JoinedMethod'].should.be.within(['INVITED', 'CREATED'])
+    account['Status'].should.be.within(['ACTIVE', 'SUSPENDED'])
+    account['Name'].should.be.a(six.string_types)
+    account['JoinedTimestamp'].should.be.a(datetime.datetime)
+
+
+def validate_create_account_status(create_status):
+    sorted(create_status.keys()).should.equal([
+        'AccountId',
+        'AccountName',
+        'CompletedTimestamp',
+        'Id',
+        'RequestedTimestamp',
+        'State',
+    ])
+    create_status['Id'].should.match(CREATE_ACCOUNT_STATUS_ID_REGEX)
+    create_status['AccountId'].should.match(ACCOUNT_ID_REGEX)
+    create_status['AccountName'].should.be.a(six.string_types)
+    create_status['State'].should.equal('SUCCEEDED')
+    create_status['RequestedTimestamp'].should.be.a(datetime.datetime)
+    create_status['CompletedTimestamp'].should.be.a(datetime.datetime)

tests/test_organizations/test_organizations_boto3.py

@@ -0,0 +1,322 @@
+from __future__ import unicode_literals
+
+import boto3
+import sure   # noqa
+from botocore.exceptions import ClientError
+from nose.tools import assert_raises
+
+from moto import mock_organizations
+from moto.organizations import utils
+from .organizations_test_utils import (
+    validate_organization,
+    validate_roots,
+    validate_organizational_unit,
+    validate_account,
+    validate_create_account_status,
+)
+
+
+@mock_organizations
+def test_create_organization():
+    client = boto3.client('organizations', region_name='us-east-1')
+    response = client.create_organization(FeatureSet='ALL')
+    validate_organization(response)
+    response['Organization']['FeatureSet'].should.equal('ALL')
+
+
+@mock_organizations
+def test_describe_organization():
+    client = boto3.client('organizations', region_name='us-east-1')
+    client.create_organization(FeatureSet='ALL')
+    response = client.describe_organization()
+    validate_organization(response)
+
+
+@mock_organizations
+def test_describe_organization_exception():
+    client = boto3.client('organizations', region_name='us-east-1')
+    with assert_raises(ClientError) as e:
+        response = client.describe_organization()
+    ex = e.exception
+    ex.operation_name.should.equal('DescribeOrganization')
+    ex.response['Error']['Code'].should.equal('400')
+    ex.response['Error']['Message'].should.contain('AWSOrganizationsNotInUseException')
+
+
+# Organizational Units
+
+@mock_organizations
+def test_list_roots():
+    client = boto3.client('organizations', region_name='us-east-1')
+    org = client.create_organization(FeatureSet='ALL')['Organization']
+    response = client.list_roots()
+    validate_roots(org, response)
+
+
+@mock_organizations
+def test_create_organizational_unit():
+    client = boto3.client('organizations', region_name='us-east-1')
+    org = client.create_organization(FeatureSet='ALL')['Organization']
+    root_id = client.list_roots()['Roots'][0]['Id']
+    ou_name = 'ou01'
+    response = client.create_organizational_unit(
+        ParentId=root_id,
+        Name=ou_name,
+    )
+    validate_organizational_unit(org, response)
+    response['OrganizationalUnit']['Name'].should.equal(ou_name)
+
+
+@mock_organizations
+def test_describe_organizational_unit():
+    client = boto3.client('organizations', region_name='us-east-1')
+    org = client.create_organization(FeatureSet='ALL')['Organization']
+    root_id = client.list_roots()['Roots'][0]['Id']
+    ou_id = client.create_organizational_unit(
+        ParentId=root_id,
+        Name='ou01',
+    )['OrganizationalUnit']['Id']
+    response = client.describe_organizational_unit(OrganizationalUnitId=ou_id)
+    validate_organizational_unit(org, response)
+
+
+@mock_organizations
+def test_describe_organizational_unit_exception():
+    client = boto3.client('organizations', region_name='us-east-1')
+    org = client.create_organization(FeatureSet='ALL')['Organization']
+    with assert_raises(ClientError) as e:
+        response = client.describe_organizational_unit(
+            OrganizationalUnitId=utils.make_random_root_id()
+        )
+    ex = e.exception
+    ex.operation_name.should.equal('DescribeOrganizationalUnit')
+    ex.response['Error']['Code'].should.equal('400')
+    ex.response['Error']['Message'].should.contain('OrganizationalUnitNotFoundException')
+
+
+@mock_organizations
+def test_list_organizational_units_for_parent():
+    client = boto3.client('organizations', region_name='us-east-1')
+    org = client.create_organization(FeatureSet='ALL')['Organization']
+    root_id = client.list_roots()['Roots'][0]['Id']
+    client.create_organizational_unit(ParentId=root_id, Name='ou01')
+    client.create_organizational_unit(ParentId=root_id, Name='ou02')
+    client.create_organizational_unit(ParentId=root_id, Name='ou03')
+    response = client.list_organizational_units_for_parent(ParentId=root_id)
+    response.should.have.key('OrganizationalUnits').should.be.a(list)
+    for ou in response['OrganizationalUnits']:
+        validate_organizational_unit(org, dict(OrganizationalUnit=ou))
+
+
+@mock_organizations
+def test_list_organizational_units_for_parent_exception():
+    client = boto3.client('organizations', region_name='us-east-1')
+    with assert_raises(ClientError) as e:
+        response = client.list_organizational_units_for_parent(
+            ParentId=utils.make_random_root_id()
+        )
+    ex = e.exception
+    ex.operation_name.should.equal('ListOrganizationalUnitsForParent')
+    ex.response['Error']['Code'].should.equal('400')
+    ex.response['Error']['Message'].should.contain('ParentNotFoundException')
+
+
+# Accounts
+mockname = 'mock-account'
+mockdomain = 'moto-example.org'
+mockemail = '@'.join([mockname, mockdomain])
+
+
+@mock_organizations
+def test_create_account():
+    client = boto3.client('organizations', region_name='us-east-1')
+    client.create_organization(FeatureSet='ALL')
+    create_status = client.create_account(
+        AccountName=mockname, Email=mockemail
+    )['CreateAccountStatus']
+    validate_create_account_status(create_status)
+    create_status['AccountName'].should.equal(mockname)
+
+
+@mock_organizations
+def test_describe_account():
+    client = boto3.client('organizations', region_name='us-east-1')
+    org = client.create_organization(FeatureSet='ALL')['Organization']
+    account_id = client.create_account(
+        AccountName=mockname, Email=mockemail
+    )['CreateAccountStatus']['AccountId']
+    response = client.describe_account(AccountId=account_id)
+    validate_account(org, response['Account'])
+    response['Account']['Name'].should.equal(mockname)
+    response['Account']['Email'].should.equal(mockemail)
+
+
+@mock_organizations
+def test_describe_account_exception():
+    client = boto3.client('organizations', region_name='us-east-1')
+    with assert_raises(ClientError) as e:
+        response = client.describe_account(AccountId=utils.make_random_account_id())
+    ex = e.exception
+    ex.operation_name.should.equal('DescribeAccount')
+    ex.response['Error']['Code'].should.equal('400')
+    ex.response['Error']['Message'].should.contain('AccountNotFoundException')
+
+
+@mock_organizations
+def test_list_accounts():
+    client = boto3.client('organizations', region_name='us-east-1')
+    org = client.create_organization(FeatureSet='ALL')['Organization']
+    for i in range(5):
+        name = mockname + str(i)
+        email = name + '@' + mockdomain
+        client.create_account(AccountName=name, Email=email)
+    response = client.list_accounts()
+    response.should.have.key('Accounts')
+    accounts = response['Accounts']
+    len(accounts).should.equal(5)
+    for account in accounts:
+        validate_account(org, account)
+    accounts[3]['Name'].should.equal(mockname + '3')
+    accounts[2]['Email'].should.equal(mockname + '2' + '@' + mockdomain)
+
+
+@mock_organizations
+def test_list_accounts_for_parent():
+    client = boto3.client('organizations', region_name='us-east-1')
+    org = client.create_organization(FeatureSet='ALL')['Organization']
+    root_id = client.list_roots()['Roots'][0]['Id']
+    account_id = client.create_account(
+        AccountName=mockname,
+        Email=mockemail,
+    )['CreateAccountStatus']['AccountId']
+    response = client.list_accounts_for_parent(ParentId=root_id)
+    account_id.should.be.within([account['Id'] for account in response['Accounts']])
+
+
+@mock_organizations
+def test_move_account():
+    client = boto3.client('organizations', region_name='us-east-1')
+    org = client.create_organization(FeatureSet='ALL')['Organization']
+    root_id = client.list_roots()['Roots'][0]['Id']
+    account_id = client.create_account(
+        AccountName=mockname, Email=mockemail
+    )['CreateAccountStatus']['AccountId']
+    ou01 = client.create_organizational_unit(ParentId=root_id, Name='ou01')
+    ou01_id = ou01['OrganizationalUnit']['Id']
+    client.move_account(
+        AccountId=account_id,
+        SourceParentId=root_id,
+        DestinationParentId=ou01_id,
+    )
+    response = client.list_accounts_for_parent(ParentId=ou01_id)
+    account_id.should.be.within([account['Id'] for account in response['Accounts']])
+
+
+@mock_organizations
+def test_list_parents_for_ou():
+    client = boto3.client('organizations', region_name='us-east-1')
+    org = client.create_organization(FeatureSet='ALL')['Organization']
+    root_id = client.list_roots()['Roots'][0]['Id']
+    ou01 = client.create_organizational_unit(ParentId=root_id, Name='ou01')
+    ou01_id = ou01['OrganizationalUnit']['Id']
+    response01 = client.list_parents(ChildId=ou01_id)
+    response01.should.have.key('Parents').should.be.a(list)
+    response01['Parents'][0].should.have.key('Id').should.equal(root_id)
+    response01['Parents'][0].should.have.key('Type').should.equal('ROOT')
+    ou02 = client.create_organizational_unit(ParentId=ou01_id, Name='ou02')
+    ou02_id = ou02['OrganizationalUnit']['Id']
+    response02 = client.list_parents(ChildId=ou02_id)
+    response02.should.have.key('Parents').should.be.a(list)
+    response02['Parents'][0].should.have.key('Id').should.equal(ou01_id)
+    response02['Parents'][0].should.have.key('Type').should.equal('ORGANIZATIONAL_UNIT')
+
+
+@mock_organizations
+def test_list_parents_for_accounts():
+    client = boto3.client('organizations', region_name='us-east-1')
+    org = client.create_organization(FeatureSet='ALL')['Organization']
+    root_id = client.list_roots()['Roots'][0]['Id']
+    ou01 = client.create_organizational_unit(ParentId=root_id, Name='ou01')
+    ou01_id = ou01['OrganizationalUnit']['Id']
+    account01_id = client.create_account(
+        AccountName='account01',
+        Email='account01@moto-example.org'
+    )['CreateAccountStatus']['AccountId']
+    account02_id = client.create_account(
+        AccountName='account02',
+        Email='account02@moto-example.org'
+    )['CreateAccountStatus']['AccountId']
+    client.move_account(
+        AccountId=account02_id,
+        SourceParentId=root_id,
+        DestinationParentId=ou01_id,
+    )
+    response01 = client.list_parents(ChildId=account01_id)
+    response01.should.have.key('Parents').should.be.a(list)
+    response01['Parents'][0].should.have.key('Id').should.equal(root_id)
+    response01['Parents'][0].should.have.key('Type').should.equal('ROOT')
+    response02 = client.list_parents(ChildId=account02_id)
+    response02.should.have.key('Parents').should.be.a(list)
+    response02['Parents'][0].should.have.key('Id').should.equal(ou01_id)
+    response02['Parents'][0].should.have.key('Type').should.equal('ORGANIZATIONAL_UNIT')
+
+
+@mock_organizations
+def test_list_children():
+    client = boto3.client('organizations', region_name='us-east-1')
+    org = client.create_organization(FeatureSet='ALL')['Organization']
+    root_id = client.list_roots()['Roots'][0]['Id']
+    ou01 = client.create_organizational_unit(ParentId=root_id, Name='ou01')
+    ou01_id = ou01['OrganizationalUnit']['Id']
+    ou02 = client.create_organizational_unit(ParentId=ou01_id, Name='ou02')
+    ou02_id = ou02['OrganizationalUnit']['Id']
+    account01_id = client.create_account(
+        AccountName='account01',
+        Email='account01@moto-example.org'
+    )['CreateAccountStatus']['AccountId']
+    account02_id = client.create_account(
+        AccountName='account02',
+        Email='account02@moto-example.org'
+    )['CreateAccountStatus']['AccountId']
+    client.move_account(
+        AccountId=account02_id,
+        SourceParentId=root_id,
+        DestinationParentId=ou01_id,
+    )
+    response01 = client.list_children(ParentId=root_id, ChildType='ACCOUNT')
+    response02 = client.list_children(ParentId=root_id, ChildType='ORGANIZATIONAL_UNIT')
+    response03 = client.list_children(ParentId=ou01_id, ChildType='ACCOUNT')
+    response04 = client.list_children(ParentId=ou01_id, ChildType='ORGANIZATIONAL_UNIT')
+    response01['Children'][0]['Id'].should.equal(account01_id)
+    response01['Children'][0]['Type'].should.equal('ACCOUNT')
+    response02['Children'][0]['Id'].should.equal(ou01_id)
+    response02['Children'][0]['Type'].should.equal('ORGANIZATIONAL_UNIT')
+    response03['Children'][0]['Id'].should.equal(account02_id)
+    response03['Children'][0]['Type'].should.equal('ACCOUNT')
+    response04['Children'][0]['Id'].should.equal(ou02_id)
+    response04['Children'][0]['Type'].should.equal('ORGANIZATIONAL_UNIT')
+
+
+@mock_organizations
+def test_list_children_exception():
+    client = boto3.client('organizations', region_name='us-east-1')
+    org = client.create_organization(FeatureSet='ALL')['Organization']
+    root_id = client.list_roots()['Roots'][0]['Id']
+    with assert_raises(ClientError) as e:
+        response = client.list_children(
+            ParentId=utils.make_random_root_id(),
+            ChildType='ACCOUNT'
+        )
+    ex = e.exception
+    ex.operation_name.should.equal('ListChildren')
+    ex.response['Error']['Code'].should.equal('400')
+    ex.response['Error']['Message'].should.contain('ParentNotFoundException')
+    with assert_raises(ClientError) as e:
+        response = client.list_children(
+            ParentId=root_id,
+            ChildType='BLEE'
+        )
+    ex = e.exception
+    ex.operation_name.should.equal('ListChildren')
+    ex.response['Error']['Code'].should.equal('400')
+    ex.response['Error']['Message'].should.contain('InvalidInputException')