[Resolves #2196] - endpoints for querying organizations SC policies (#2197)

adding support for organizations service control policies * [Resolves #2196] - endpoints for querying organizations SC policies I have added the following mock endpoints to the Organizations service: - create_policy - list_policies - describe_policy - attach_policy - list_policies_for_target - list_targets_for_policy
2019-05-25 02:20:19 -07:00 · 2019-05-25 02:20:19 -07:00 · a3f6d2c110
commit a3f6d2c110
parent a61124f774
6 changed files with 508 additions and 26 deletions
--- a/tests/test_organizations/organizations_test_utils.py
+++ b/tests/test_organizations/organizations_test_utils.py
@ -5,38 +5,36 @@ import sure   # noqa
 import datetime
 from moto.organizations import utils

-EMAIL_REGEX = "^.+@[a-zA-Z0-9-.]+.[a-zA-Z]{2,3}|[0-9]{1,3}$"
-ORG_ID_REGEX = r'o-[a-z0-9]{%s}' % utils.ORG_ID_SIZE
-ROOT_ID_REGEX = r'r-[a-z0-9]{%s}' % utils.ROOT_ID_SIZE
-OU_ID_REGEX = r'ou-[a-z0-9]{%s}-[a-z0-9]{%s}' % (utils.ROOT_ID_SIZE, utils.OU_ID_SUFFIX_SIZE)
-ACCOUNT_ID_REGEX = r'[0-9]{%s}' % utils.ACCOUNT_ID_SIZE
-CREATE_ACCOUNT_STATUS_ID_REGEX = r'car-[a-z0-9]{%s}' % utils.CREATE_ACCOUNT_STATUS_ID_SIZE
-

 def test_make_random_org_id():
    org_id = utils.make_random_org_id()
-    org_id.should.match(ORG_ID_REGEX)
+    org_id.should.match(utils.ORG_ID_REGEX)


 def test_make_random_root_id():
    root_id = utils.make_random_root_id()
-    root_id.should.match(ROOT_ID_REGEX)
+    root_id.should.match(utils.ROOT_ID_REGEX)


 def test_make_random_ou_id():
    root_id = utils.make_random_root_id()
    ou_id = utils.make_random_ou_id(root_id)
-    ou_id.should.match(OU_ID_REGEX)
+    ou_id.should.match(utils.OU_ID_REGEX)


 def test_make_random_account_id():
    account_id = utils.make_random_account_id()
-    account_id.should.match(ACCOUNT_ID_REGEX)
+    account_id.should.match(utils.ACCOUNT_ID_REGEX)


 def test_make_random_create_account_status_id():
    create_account_status_id = utils.make_random_create_account_status_id()
-    create_account_status_id.should.match(CREATE_ACCOUNT_STATUS_ID_REGEX)
+    create_account_status_id.should.match(utils.CREATE_ACCOUNT_STATUS_ID_REGEX)
+
+
+def test_make_random_service_control_policy_id():
+    service_control_policy_id = utils.make_random_service_control_policy_id()
+    service_control_policy_id.should.match(utils.SCP_ID_REGEX)


 def validate_organization(response):
@ -50,7 +48,7 @@ def validate_organization(response):
        'MasterAccountEmail',
        'MasterAccountId',
    ])
-    org['Id'].should.match(ORG_ID_REGEX)
+    org['Id'].should.match(utils.ORG_ID_REGEX)
    org['MasterAccountId'].should.equal(utils.MASTER_ACCOUNT_ID)
    org['MasterAccountArn'].should.equal(utils.MASTER_ACCOUNT_ARN_FORMAT.format(
        org['MasterAccountId'],
@ -72,7 +70,7 @@ def validate_roots(org, response):
    response.should.have.key('Roots').should.be.a(list)
    response['Roots'].should_not.be.empty
    root = response['Roots'][0]
-    root.should.have.key('Id').should.match(ROOT_ID_REGEX)
+    root.should.have.key('Id').should.match(utils.ROOT_ID_REGEX)
    root.should.have.key('Arn').should.equal(utils.ROOT_ARN_FORMAT.format(
        org['MasterAccountId'],
        org['Id'],
@ -87,7 +85,7 @@ def validate_roots(org, response):
 def validate_organizational_unit(org, response):
    response.should.have.key('OrganizationalUnit').should.be.a(dict)
    ou = response['OrganizationalUnit']
-    ou.should.have.key('Id').should.match(OU_ID_REGEX)
+    ou.should.have.key('Id').should.match(utils.OU_ID_REGEX)
    ou.should.have.key('Arn').should.equal(utils.OU_ARN_FORMAT.format(
        org['MasterAccountId'],
        org['Id'],
@ -106,13 +104,13 @@ def validate_account(org, account):
        'Name',
        'Status',
    ])
-    account['Id'].should.match(ACCOUNT_ID_REGEX)
+    account['Id'].should.match(utils.ACCOUNT_ID_REGEX)
    account['Arn'].should.equal(utils.ACCOUNT_ARN_FORMAT.format(
        org['MasterAccountId'],
        org['Id'],
        account['Id'],
    ))
-    account['Email'].should.match(EMAIL_REGEX)
+    account['Email'].should.match(utils.EMAIL_REGEX)
    account['JoinedMethod'].should.be.within(['INVITED', 'CREATED'])
    account['Status'].should.be.within(['ACTIVE', 'SUSPENDED'])
    account['Name'].should.be.a(six.string_types)
@ -128,9 +126,27 @@ def validate_create_account_status(create_status):
        'RequestedTimestamp',
        'State',
    ])
-    create_status['Id'].should.match(CREATE_ACCOUNT_STATUS_ID_REGEX)
-    create_status['AccountId'].should.match(ACCOUNT_ID_REGEX)
+    create_status['Id'].should.match(utils.CREATE_ACCOUNT_STATUS_ID_REGEX)
+    create_status['AccountId'].should.match(utils.ACCOUNT_ID_REGEX)
    create_status['AccountName'].should.be.a(six.string_types)
    create_status['State'].should.equal('SUCCEEDED')
    create_status['RequestedTimestamp'].should.be.a(datetime.datetime)
    create_status['CompletedTimestamp'].should.be.a(datetime.datetime)
+
+def validate_policy_summary(org, summary):
+    summary.should.be.a(dict)
+    summary.should.have.key('Id').should.match(utils.SCP_ID_REGEX)
+    summary.should.have.key('Arn').should.equal(utils.SCP_ARN_FORMAT.format(
+        org['MasterAccountId'],
+        org['Id'],
+        summary['Id'],
+    ))
+    summary.should.have.key('Name').should.be.a(six.string_types)
+    summary.should.have.key('Description').should.be.a(six.string_types)
+    summary.should.have.key('Type').should.equal('SERVICE_CONTROL_POLICY')
+    summary.should.have.key('AwsManaged').should.be.a(bool)
+
+def validate_service_control_policy(org, response):
+    response.should.have.key('PolicySummary').should.be.a(dict)
+    response.should.have.key('Content').should.be.a(six.string_types)
+    validate_policy_summary(org, response['PolicySummary'])