Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: #242 ensuring alias is set or raise error. #465

Merged
merged 7 commits into from
Aug 12, 2022
Merged

fix: #242 ensuring alias is set or raise error. #465

Show file tree
Hide file tree
Changes from 5 commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
2b137e7
fix: #242 ensuring alias is set or raise error.
Apr 3, 2022
27eabbe
Ensuring the readme.md file clearly states that a non-unique alias wi…
Apr 3, 2022
5417713
Adding final new line to satisfy pylint
Apr 3, 2022
4435351
Adding changing to multiline string to satisfy pylint
Apr 3, 2022
86937fc
Adding tests for account_alias
Apr 7, 2022
3ef86e3
fix: removing hardcoded account alias in error message and updating test
May 24, 2022
c0e30a4
Merge branch 'master' into fix-242
StewartW Aug 11, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 7 additions & 2 deletions src/lambda_codebase/account_processing/configure_account_alias.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,8 +22,13 @@ def create_account_alias(account, iam_client):
)
try:
iam_client.create_account_alias(AccountAlias=account.get("alias"))
except iam_client.exceptions.EntityAlreadyExistsException:
pass
except iam_client.exceptions.EntityAlreadyExistsException as error:
LOGGER.error(
"""The account alias security already exists.
The account alias must be unique across all Amazon Web Services products.
Refer to https://docs.aws.amazon.com/IAM/latest/UserGuide/console_account-alias.html#AboutAccountAlias"""
)
javydekoning marked this conversation as resolved.
Show resolved Hide resolved
raise error
return account


Expand Down
47 changes: 35 additions & 12 deletions src/lambda_codebase/account_processing/tests/test_account_alias.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,24 +2,47 @@
Tests the account alias configuration lambda
"""

import unittest
import boto3
from botocore.stub import Stubber
from botocore.exceptions import ClientError
from aws_xray_sdk import global_sdk_config
from ..configure_account_alias import create_account_alias

global_sdk_config.set_sdk_enabled(False)

# pylint: disable=W0106
def test_account_alias():
test_account = {"account_id": 123456789012, "alias": "MyCoolAlias"}
iam_client = boto3.client("iam")
stubber = Stubber(iam_client)
create_alias_response = {}
stubber.add_response(
"create_account_alias", create_alias_response, {"AccountAlias": "MyCoolAlias"}
),
stubber.activate()
class SuccessTestCase(unittest.TestCase):
# pylint: disable=W0106
def test_account_alias(self):
test_account = {"account_id": 123456789012, "alias": "MyCoolAlias"}
iam_client = boto3.client("iam")
stubber = Stubber(iam_client)
create_alias_response = {}
stubber.add_response(
"create_account_alias", create_alias_response, {"AccountAlias": "MyCoolAlias"}
),
stubber.activate()

response = create_account_alias(test_account, iam_client)
response = create_account_alias(test_account, iam_client)

assert response == test_account
self.assertEqual(response, test_account)

class FailureTestCase(unittest.TestCase):
# pylint: disable=W0106
def test_account_alias_when_nonunique(self):
test_account = {"account_id": 123456789012, "alias": "nonunique"}
iam_client = boto3.client("iam")
stubber = Stubber(iam_client)
stubber.add_client_error(
'create_account_alias',
'EntityAlreadyExistsException',
'An error occurred (EntityAlreadyExists) when calling the CreateAccountAlias operation: The account alias nonunique already exists.'
)
stubber.activate()

with self.assertRaises(ClientError) as _error:
create_account_alias(test_account, iam_client)
self.assertRegex(
str(_error.exception),
r'.*The account alias nonunique already exists.*'
javydekoning marked this conversation as resolved.
Show resolved Hide resolved
)
2 changes: 1 addition & 1 deletion src/lambda_codebase/initial_commit/bootstrap_repository/adf-accounts/readme.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@ The OU name is the name of the direct parent of the account. If you want to move
- `support_level`: `basic|enterprise` ADF will raise a ticket to add the account to an existing AWS support subscription when an account is created. Currently only supports basic or enterprise.
**NB: This is for activating enterprise support on account creation only. As a prerequisite your organization master account must already have enterprise support activated**

- `alias`: AWS account alias. Must be unique globally otherwise cannot be created. Check [here](https://docs.aws.amazon.com/IAM/latest/UserGuide/console_account-alias.html) for further details. If the account alias is not created or already exists, in the Federation login page, no alias will be presented
- `alias`: AWS account alias. Must be unique globally otherwise cannot be created. Check [here](https://docs.aws.amazon.com/IAM/latest/UserGuide/console_account-alias.html) for further details. If the account alias is not created or already exists, in the Federation login page, no alias will be presented. This needs to be unique across all customers, if the alias is already taken the AccountManagementStateMachine will stop and raise an error.
- `tags`: list of tags associate to the account.

### Examples
Expand Down