adding support for organizations service control policies * [Resolves #2196] - endpoints for querying organizations SC policies I have added the following mock endpoints to the Organizations service: - create_policy - list_policies - describe_policy - attach_policy - list_policies_for_target - list_targets_for_policy
		
			
				
	
	
		
			153 lines
		
	
	
		
			5.2 KiB
		
	
	
	
		
			Python
		
	
	
	
	
	
			
		
		
	
	
			153 lines
		
	
	
		
			5.2 KiB
		
	
	
	
		
			Python
		
	
	
	
	
	
| from __future__ import unicode_literals
 | |
| 
 | |
| import six
 | |
| import sure   # noqa
 | |
| import datetime
 | |
| from moto.organizations import utils
 | |
| 
 | |
| 
 | |
| def test_make_random_org_id():
 | |
|     org_id = utils.make_random_org_id()
 | |
|     org_id.should.match(utils.ORG_ID_REGEX)
 | |
| 
 | |
| 
 | |
| def test_make_random_root_id():
 | |
|     root_id = utils.make_random_root_id()
 | |
|     root_id.should.match(utils.ROOT_ID_REGEX)
 | |
| 
 | |
| 
 | |
| def test_make_random_ou_id():
 | |
|     root_id = utils.make_random_root_id()
 | |
|     ou_id = utils.make_random_ou_id(root_id)
 | |
|     ou_id.should.match(utils.OU_ID_REGEX)
 | |
| 
 | |
| 
 | |
| def test_make_random_account_id():
 | |
|     account_id = utils.make_random_account_id()
 | |
|     account_id.should.match(utils.ACCOUNT_ID_REGEX)
 | |
| 
 | |
| 
 | |
| def test_make_random_create_account_status_id():
 | |
|     create_account_status_id = utils.make_random_create_account_status_id()
 | |
|     create_account_status_id.should.match(utils.CREATE_ACCOUNT_STATUS_ID_REGEX)
 | |
| 
 | |
| 
 | |
| def test_make_random_service_control_policy_id():
 | |
|     service_control_policy_id = utils.make_random_service_control_policy_id()
 | |
|     service_control_policy_id.should.match(utils.SCP_ID_REGEX)
 | |
| 
 | |
| 
 | |
| def validate_organization(response):
 | |
|     org = response['Organization']
 | |
|     sorted(org.keys()).should.equal([
 | |
|         'Arn',
 | |
|         'AvailablePolicyTypes',
 | |
|         'FeatureSet',
 | |
|         'Id',
 | |
|         'MasterAccountArn',
 | |
|         'MasterAccountEmail',
 | |
|         'MasterAccountId',
 | |
|     ])
 | |
|     org['Id'].should.match(utils.ORG_ID_REGEX)
 | |
|     org['MasterAccountId'].should.equal(utils.MASTER_ACCOUNT_ID)
 | |
|     org['MasterAccountArn'].should.equal(utils.MASTER_ACCOUNT_ARN_FORMAT.format(
 | |
|         org['MasterAccountId'],
 | |
|         org['Id'],
 | |
|     ))
 | |
|     org['Arn'].should.equal(utils.ORGANIZATION_ARN_FORMAT.format(
 | |
|         org['MasterAccountId'],
 | |
|         org['Id'],
 | |
|     ))
 | |
|     org['MasterAccountEmail'].should.equal(utils.MASTER_ACCOUNT_EMAIL)
 | |
|     org['FeatureSet'].should.be.within(['ALL', 'CONSOLIDATED_BILLING'])
 | |
|     org['AvailablePolicyTypes'].should.equal([{
 | |
|         'Type': 'SERVICE_CONTROL_POLICY',
 | |
|         'Status': 'ENABLED'
 | |
|     }])
 | |
| 
 | |
| 
 | |
| def validate_roots(org, response):
 | |
|     response.should.have.key('Roots').should.be.a(list)
 | |
|     response['Roots'].should_not.be.empty
 | |
|     root = response['Roots'][0]
 | |
|     root.should.have.key('Id').should.match(utils.ROOT_ID_REGEX)
 | |
|     root.should.have.key('Arn').should.equal(utils.ROOT_ARN_FORMAT.format(
 | |
|         org['MasterAccountId'],
 | |
|         org['Id'],
 | |
|         root['Id'],
 | |
|     ))
 | |
|     root.should.have.key('Name').should.be.a(six.string_types)
 | |
|     root.should.have.key('PolicyTypes').should.be.a(list)
 | |
|     root['PolicyTypes'][0].should.have.key('Type').should.equal('SERVICE_CONTROL_POLICY')
 | |
|     root['PolicyTypes'][0].should.have.key('Status').should.equal('ENABLED')
 | |
| 
 | |
| 
 | |
| def validate_organizational_unit(org, response):
 | |
|     response.should.have.key('OrganizationalUnit').should.be.a(dict)
 | |
|     ou = response['OrganizationalUnit']
 | |
|     ou.should.have.key('Id').should.match(utils.OU_ID_REGEX)
 | |
|     ou.should.have.key('Arn').should.equal(utils.OU_ARN_FORMAT.format(
 | |
|         org['MasterAccountId'],
 | |
|         org['Id'],
 | |
|         ou['Id'],
 | |
|     ))
 | |
|     ou.should.have.key('Name').should.be.a(six.string_types)
 | |
| 
 | |
| 
 | |
| def validate_account(org, account):
 | |
|     sorted(account.keys()).should.equal([
 | |
|         'Arn',
 | |
|         'Email',
 | |
|         'Id',
 | |
|         'JoinedMethod',
 | |
|         'JoinedTimestamp',
 | |
|         'Name',
 | |
|         'Status',
 | |
|     ])
 | |
|     account['Id'].should.match(utils.ACCOUNT_ID_REGEX)
 | |
|     account['Arn'].should.equal(utils.ACCOUNT_ARN_FORMAT.format(
 | |
|         org['MasterAccountId'],
 | |
|         org['Id'],
 | |
|         account['Id'],
 | |
|     ))
 | |
|     account['Email'].should.match(utils.EMAIL_REGEX)
 | |
|     account['JoinedMethod'].should.be.within(['INVITED', 'CREATED'])
 | |
|     account['Status'].should.be.within(['ACTIVE', 'SUSPENDED'])
 | |
|     account['Name'].should.be.a(six.string_types)
 | |
|     account['JoinedTimestamp'].should.be.a(datetime.datetime)
 | |
| 
 | |
| 
 | |
| def validate_create_account_status(create_status):
 | |
|     sorted(create_status.keys()).should.equal([
 | |
|         'AccountId',
 | |
|         'AccountName',
 | |
|         'CompletedTimestamp',
 | |
|         'Id',
 | |
|         'RequestedTimestamp',
 | |
|         'State',
 | |
|     ])
 | |
|     create_status['Id'].should.match(utils.CREATE_ACCOUNT_STATUS_ID_REGEX)
 | |
|     create_status['AccountId'].should.match(utils.ACCOUNT_ID_REGEX)
 | |
|     create_status['AccountName'].should.be.a(six.string_types)
 | |
|     create_status['State'].should.equal('SUCCEEDED')
 | |
|     create_status['RequestedTimestamp'].should.be.a(datetime.datetime)
 | |
|     create_status['CompletedTimestamp'].should.be.a(datetime.datetime)
 | |
| 
 | |
| def validate_policy_summary(org, summary):
 | |
|     summary.should.be.a(dict)
 | |
|     summary.should.have.key('Id').should.match(utils.SCP_ID_REGEX)
 | |
|     summary.should.have.key('Arn').should.equal(utils.SCP_ARN_FORMAT.format(
 | |
|         org['MasterAccountId'],
 | |
|         org['Id'],
 | |
|         summary['Id'],
 | |
|     ))
 | |
|     summary.should.have.key('Name').should.be.a(six.string_types)
 | |
|     summary.should.have.key('Description').should.be.a(six.string_types)
 | |
|     summary.should.have.key('Type').should.equal('SERVICE_CONTROL_POLICY')
 | |
|     summary.should.have.key('AwsManaged').should.be.a(bool)
 | |
| 
 | |
| def validate_service_control_policy(org, response):
 | |
|     response.should.have.key('PolicySummary').should.be.a(dict)
 | |
|     response.should.have.key('Content').should.be.a(six.string_types)
 | |
|     validate_policy_summary(org, response['PolicySummary'])
 |