import os
import json
import boto3
import pytest
from moto import mock_secretsmanager, mock_codebuild
from authorizer.authorizer import handler
from urllib.error import URLError
# Simulated HTTP response for GitHub API
class DummyResponse:
    """Minimal stand-in for the object returned by ``urlopen``.

    Holds a JSON-serialisable payload and returns it as UTF-8 bytes from
    ``read()``. It also works as a context manager, so it can replace a
    response that the caller opens in a ``with`` statement.
    """

    def __init__(self, data):
        # Keep the payload unserialised; encoding happens on every read().
        self._data = data

    def read(self):
        """Return the stored payload as UTF-8 encoded JSON bytes."""
        serialised = json.dumps(self._data)
        return serialised.encode('utf-8')

    def __enter__(self):
        return self

    def __exit__(self, exc_type, exc_val, exc_tb):
        # Nothing to release. Returning None lets any exception raised inside
        # the ``with`` body propagate to the caller.
        return None
@pytest.fixture(autouse=True)
def set_env_vars(monkeypatch):
    """Set the environment variables below for every test in this module.

    ``autouse=True`` applies the fixture without tests requesting it, and
    ``monkeypatch`` undoes the changes after each test. The secret ARN uses a
    placeholder account id and points at no real secret.
    """
    # presumably these are the settings the handler reads; verify against authorizer.py
    settings = (
        ('GITHUB_TOKEN_SECRET_ARN', 'arn:aws:secretsmanager:us-east-1:123456:secret:githtoken'),
        ('GitHubOwner', 'code-dot-org'),
        ('GitHubRepo', 'aiproxy'),
        ('GitHubBranch', 'main'),
        ('CODEBUILD_PROJECT', 'pr-build-project'),
    )
    for name, value in settings:
        monkeypatch.setenv(name, value)
@mock_secretsmanager
@mock_codebuild
def test_integration_starts_codebuild(monkeypatch):
    """Allow path: a PR against ``main`` from a 'maintain' user starts one build.

    Secrets Manager and CodeBuild are mocked by moto, and the GitHub call is
    replaced by a stub, so no real credential or network access is involved.
    """
    region = 'us-east-1'
    project_name = 'pr-build-project'

    # Seed the mocked secret store with a fake token.
    secrets = boto3.client('secretsmanager', region_name=region)
    secrets.create_secret(Name='githtoken', SecretString=json.dumps({'token':'fakepat'}))

    # Register the project the handler is expected to start.
    codebuild = boto3.client('codebuild', region_name=region)
    codebuild.create_project(
        name=project_name,
        source={'type':'CODEPIPELINE'},
        artifacts={'type':'NO_ARTIFACTS'},
        environment={'type':'LINUX_CONTAINER','computeType':'BUILD_GENERAL1_SMALL','image':'aws/codebuild/amazonlinux2-x86_64-standard:5.0'}
    )

    # Replace urlopen so the permission lookup reports 'maintain'.
    # NOTE(review): 'maintain' is a GitHub role name. As far as the GitHub REST
    # docs describe, the collaborator-permission endpoint reports only
    # admin/write/read/none in its `permission` field and maps maintain to
    # write. Confirm which endpoint and field the handler reads, and consider
    # covering 'write' as well.
    def permission_stub(req):
        return DummyResponse({'permission':'maintain'})
    monkeypatch.setattr('authorizer.authorizer.request.urlopen', permission_stub)

    # Event shaped like the one used throughout this file: base branch + PR author.
    pull_request = {'base': {'ref': 'main'}, 'user': {'login': 'octocat'}}
    handler({'detail': {'pull_request': pull_request}}, None)

    # Exactly one build must have been started for the project.
    build_ids = codebuild.list_builds_for_project(projectName=project_name)['ids']
    assert len(build_ids) == 1
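@mock_secretsmanager
@mock_codebuild
def test_integration_no_start_on_bad_permission(monkeypatch):
    """Deny path: a PR author with only 'read' permission must not start a build.

    The event matches the allow-path test; only the stubbed permission
    differs. The test also asserts that the permission lookup was called, so
    it cannot pass because the handler gave up earlier for an unrelated
    reason (for example a failed secret lookup).

    NOTE(review): this file imports URLError but has no test in which urlopen
    raises. A fail-closed case (lookup error -> no build) would be worth adding.
    """
    # Seed the mocked secret store with a fake token; no real credential is used.
    sm = boto3.client('secretsmanager', region_name='us-east-1')
    sm.create_secret(Name='githtoken', SecretString=json.dumps({'token':'fakepat'}))
    # Create the CodeBuild project that must stay idle.
    cb = boto3.client('codebuild', region_name='us-east-1')
    cb.create_project(
        name='pr-build-project',
        source={'type':'CODEPIPELINE'},
        artifacts={'type':'NO_ARTIFACTS'},
        environment={'type':'LINUX_CONTAINER','computeType':'BUILD_GENERAL1_SMALL','image':'aws/codebuild/amazonlinux2-x86_64-standard:5.0'}
    )
    # Stub urlopen to return read permission and record each lookup.
    permission_lookups = []

    def fake_urlopen(req, *args, **kwargs):
        # Accept extra arguments (e.g. a timeout) so a call-signature mismatch
        # cannot masquerade as a deny decision.
        permission_lookups.append(req)
        return DummyResponse({'permission':'read'})
    monkeypatch.setattr('authorizer.authorizer.request.urlopen', fake_urlopen)
    event = { 'detail': { 'pull_request': { 'base': { 'ref': 'main' }, 'user': { 'login': 'octocat' } } } }
    handler(event, None)
    builds = cb.list_builds_for_project(projectName='pr-build-project')['ids']
    assert len(builds) == 0
    # The denial must come from the permission check itself.
    assert permission_lookups, "handler never consulted the permission lookup"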
@mock_secretsmanager
@mock_codebuild
def test_integration_no_start_on_wrong_branch(monkeypatch):
    """Deny path: a PR whose base branch is not ``main`` must not start a build.

    The stub reports 'admin', so the base branch ('feature') is the only
    thing that differs from the allow-path test.
    """
    region = 'us-east-1'
    project_name = 'pr-build-project'

    # Mocked secret store and CodeBuild project; the token is fake.
    secrets = boto3.client('secretsmanager', region_name=region)
    secrets.create_secret(Name='githtoken', SecretString=json.dumps({'token':'fakepat'}))
    codebuild = boto3.client('codebuild', region_name=region)
    codebuild.create_project(
        name=project_name,
        source={'type':'CODEPIPELINE'},
        artifacts={'type':'NO_ARTIFACTS'},
        environment={'type':'LINUX_CONTAINER','computeType':'BUILD_GENERAL1_SMALL','image':'aws/codebuild/amazonlinux2-x86_64-standard:5.0'}
    )

    # Permission lookup, if the handler performs one on this path, reports 'admin'.
    def admin_stub(req):
        return DummyResponse({'permission':'admin'})
    monkeypatch.setattr('authorizer.authorizer.request.urlopen', admin_stub)

    # Base branch differs from the GitHubBranch value set by the fixture.
    pull_request = {'base': {'ref': 'feature'}, 'user': {'login': 'octocat'}}
    handler({'detail': {'pull_request': pull_request}}, None)

    build_ids = codebuild.list_builds_for_project(projectName=project_name)['ids']
    assert len(build_ids) == 0