-
Notifications
You must be signed in to change notification settings - Fork 45
/
Copy pathtest_api.py
116 lines (93 loc) · 3.98 KB
/
test_api.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
import os
import unittest
from unittest.mock import patch, MagicMock
import datadog_lambda.api as api
class TestDatadogLambdaAPI(unittest.TestCase):
def setUp(self):
api.api_key = None
self.env_patcher = patch.dict(
os.environ,
{
"DD_API_KEY_SECRET_ARN": "",
"DD_API_KEY_SSM_NAME": "",
"DD_KMS_API_KEY": "",
"DD_API_KEY": "",
"DATADOG_API_KEY": "",
"AWS_REGION": "",
},
clear=True,
)
self.env_patcher.start()
@patch("botocore.session.Session.create_client")
def test_secrets_manager_fips_endpoint(self, mock_boto3_client):
mock_client = MagicMock()
mock_client.get_secret_value.return_value = {"SecretString": "test-api-key"}
mock_boto3_client.return_value = mock_client
os.environ["AWS_REGION"] = "us-gov-east-1"
os.environ[
"DD_API_KEY_SECRET_ARN"
] = "arn:aws:secretsmanager:us-gov-east-1:1234567890:secret:key-name-123ABC"
api_key = api.get_api_key()
mock_boto3_client.assert_called_with(
"secretsmanager",
endpoint_url="https://secretsmanager-fips.us-gov-east-1.amazonaws.com",
region_name="us-gov-east-1",
)
self.assertEqual(api_key, "test-api-key")
@patch("botocore.session.Session.create_client")
def test_secrets_manager_different_region(self, mock_boto3_client):
mock_client = MagicMock()
mock_client.get_secret_value.return_value = {"SecretString": "test-api-key"}
mock_boto3_client.return_value = mock_client
os.environ["AWS_REGION"] = "us-east-1"
os.environ[
"DD_API_KEY_SECRET_ARN"
] = "arn:aws:secretsmanager:us-west-1:1234567890:secret:key-name-123ABC"
api_key = api.get_api_key()
mock_boto3_client.assert_called_with(
"secretsmanager",
endpoint_url=None,
region_name="us-west-1",
)
self.assertEqual(api_key, "test-api-key")
@patch("botocore.session.Session.create_client")
def test_ssm_fips_endpoint(self, mock_boto3_client):
mock_client = MagicMock()
mock_client.get_parameter.return_value = {
"Parameter": {"Value": "test-api-key"}
}
mock_boto3_client.return_value = mock_client
os.environ["AWS_REGION"] = "us-gov-west-1"
os.environ["DD_API_KEY_SSM_NAME"] = "test-ssm-param"
api_key = api.get_api_key()
mock_boto3_client.assert_called_with(
"ssm", endpoint_url="https://ssm-fips.us-gov-west-1.amazonaws.com"
)
self.assertEqual(api_key, "test-api-key")
@patch("botocore.session.Session.create_client")
@patch("datadog_lambda.api.decrypt_kms_api_key")
def test_kms_fips_endpoint(self, mock_decrypt_kms, mock_boto3_client):
mock_client = MagicMock()
mock_boto3_client.return_value = mock_client
mock_decrypt_kms.return_value = "test-api-key"
os.environ["AWS_REGION"] = "us-gov-west-1"
os.environ["DD_KMS_API_KEY"] = "encrypted-api-key"
api_key = api.get_api_key()
mock_boto3_client.assert_called_with(
"kms", endpoint_url="https://kms-fips.us-gov-west-1.amazonaws.com"
)
self.assertEqual(api_key, "test-api-key")
@patch("botocore.session.Session.create_client")
def test_no_fips_for_standard_regions(self, mock_boto3_client):
mock_client = MagicMock()
mock_client.get_secret_value.return_value = {"SecretString": "test-api-key"}
mock_boto3_client.return_value = mock_client
os.environ.clear()
os.environ["AWS_REGION"] = "us-west-2"
os.environ[
"DD_API_KEY_SECRET_ARN"
] = "arn:aws:secretsmanager:us-west-2:1234567890:secret:key-name-123ABC"
api.get_api_key()
mock_boto3_client.assert_called_with(
"secretsmanager", endpoint_url=None, region_name="us-west-2"
)