#!/usr/bin/env python
# Copyright (c) 2015 Shaun Brady. All Rights Reserved
#
# Permission is hereby granted, free of charge, to any person obtaining a
# copy of this software and associated documentation files (the
# "Software"), to deal in the Software without restriction, including
# without limitation the rights to use, copy, modify, merge, publish, dis-
# tribute, sublicense, and/or sell copies of the Software, and to permit
# persons to whom the Software is furnished to do so, subject to the fol-
# lowing conditions:
#
# The above copyright notice and this permission notice shall be included
# in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
# OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABIL-
# ITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT
# SHALL THE AUTHOR BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
# WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
#
from boto.compat import json
from boto.iam.connection import IAMConnection
from tests.unit import AWSMockServiceTestCase
class TestCreatePolicy(AWSMockServiceTestCase):
    """Exercise ``IAMConnection.create_policy`` against a canned 200 response."""

    connection_class = IAMConnection

    def default_body(self):
        """Canned response body; presumably what set_http_response() serves."""
        # NOTE(review): shown here as bare values without element markup,
        # yet the test reads named keys from the parsed response -- confirm
        # this fixture against the upstream file.
        canned = b"""
S3-read-only-example-bucket
v1
AGPACKCEVSQ6C2EXAMPLE
/
arn:aws:iam::123456789012:policy/S3-read-only-example-bucket
0
2014-09-15T17:36:14.673Z
2014-09-15T17:36:14.673Z
ca64c9e1-3cfe-11e4-bfad-8d1c6EXAMPLE
"""
        return canned

    def test_create_policy(self):
        """Check the CreatePolicy request parameters and the parsed policy name.

        The expected ``PolicyDocument`` parameter is the input string itself,
        so this pins that the document is sent unchanged. It does not check
        that the document's content matches the policy's name or intent.
        """
        self.set_http_response(status_code=200)
        # Opaque fixture: the document is a blanket Deny on s3:* for every
        # resource even though the policy is named "read-only".
        policy_doc = """
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1430948004000",
"Effect": "Deny",
"Action": [
"s3:*"
],
"Resource": [
"*"
]
}
]
}
"""
        policy_name = 'S3-read-only-example-bucket'
        response = self.service_connection.create_policy(policy_name,
                                                         policy_doc)
        # 'Path' is not passed by the caller above; '/' is what the request
        # is expected to carry anyway.
        expected_params = {
            'Action': 'CreatePolicy',
            'PolicyDocument': policy_doc,
            'Path': '/',
            'PolicyName': policy_name,
        }
        self.assert_request_parameters(expected_params,
                                       ignore_params_values=['Version'])
        result = response['create_policy_response']['create_policy_result']
        self.assertEqual(result['policy']['policy_name'], policy_name)
class TestCreatePolicyVersion(AWSMockServiceTestCase):
    """Exercise ``IAMConnection.create_policy_version`` with a canned response."""

    connection_class = IAMConnection

    def default_body(self):
        """Canned response body; presumably what set_http_response() serves."""
        # NOTE(review): shown here as bare values without element markup,
        # yet the test reads named keys from the parsed response -- confirm
        # this fixture against the upstream file.
        canned = b"""
true
v2
2014-09-15T19:58:59.430Z
bb551b92-3d12-11e4-bfad-8d1c6EXAMPLE
"""
        return canned

    def test_create_policy_version(self):
        """Check the CreatePolicyVersion request and the parsed default flag.

        ``set_as_default=True`` is expected on the wire as the string
        ``'true'``, and the parsed ``is_default_version`` is compared with
        the string ``'true'`` as well, not with a boolean. Code that tests
        such a field for truthiness would also accept ``'false'``.
        """
        self.set_http_response(status_code=200)
        policy_doc = """
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1430948004000",
"Effect": "Deny",
"Action": [
"s3:*"
],
"Resource": [
"*"
]
}
]
}
"""
        policy_arn = 'arn:aws:iam::123456789012:policy/S3-read-only-example-bucket'
        # Setting the new version as default makes it the policy's active
        # version, so the flag is part of what this test pins.
        response = self.service_connection.create_policy_version(
            policy_arn, policy_doc, set_as_default=True)
        expected_params = {
            'Action': 'CreatePolicyVersion',
            'PolicyDocument': policy_doc,
            'SetAsDefault': 'true',
            'PolicyArn': policy_arn,
        }
        self.assert_request_parameters(expected_params,
                                       ignore_params_values=['Version'])
        result = response['create_policy_version_response'][
            'create_policy_version_result']
        self.assertEqual(result['policy_version']['is_default_version'],
                         'true')
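class TestDeletePolicy(AWSMockServiceTestCase):
    """Exercise ``IAMConnection.delete_policy`` against a canned 200 response."""

    connection_class = IAMConnection

    def default_body(self):
        """Canned response body; presumably what set_http_response() serves."""
        # NOTE(review): shown here as a bare request id without element
        # markup, yet the test reads named keys from the parsed response --
        # confirm this fixture against the upstream file.
        return b"""
4706281b-3d19-11e4-a4a0-cffb9EXAMPLE
"""

    def test_delete_policy(self):
        """Check the DeletePolicy request parameters and the returned request id."""
        self.set_http_response(status_code=200)
        policy_arn = 'arn:aws:iam::123456789012:policy/S3-read-only-example-bucket'
        response = self.service_connection.delete_policy(policy_arn)
        self.assert_request_parameters(
            {'Action': 'DeletePolicy',
             'PolicyArn': policy_arn},
            ignore_params_values=['Version'])
        metadata = response['delete_policy_response']['response_metadata']
        # assertIn reports the missing key and the container on failure;
        # assertEqual(<membership test>, True) only says "False != True".
        self.assertIn('request_id', metadata)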
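class TestDeletePolicyVersion(AWSMockServiceTestCase):
    """Exercise ``IAMConnection.delete_policy_version`` with a canned response."""

    connection_class = IAMConnection

    def default_body(self):
        """Canned response body; presumably what set_http_response() serves."""
        # NOTE(review): shown here as a bare request id without element
        # markup, yet the test reads named keys from the parsed response --
        # confirm this fixture against the upstream file.
        return b"""
268e1556-3d19-11e4-a4a0-cffb9EXAMPLE
"""

    def test_delete_policy_version(self):
        """Check the DeletePolicyVersion request and the returned request id."""
        self.set_http_response(status_code=200)
        policy_arn = 'arn:aws:iam::123456789012:policy/S3-read-only-example-bucket'
        response = self.service_connection.delete_policy_version(policy_arn,
                                                                 'v1')
        self.assert_request_parameters(
            {'Action': 'DeletePolicyVersion',
             'PolicyArn': policy_arn,
             'VersionId': 'v1'},
            ignore_params_values=['Version'])
        metadata = response['delete_policy_version_response'][
            'response_metadata']
        # assertIn reports the missing key and the container on failure;
        # assertEqual(<membership test>, True) only says "False != True".
        self.assertIn('request_id', metadata)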
class TestGetPolicy(AWSMockServiceTestCase):
    """Exercise ``IAMConnection.get_policy`` against a canned 200 response."""

    connection_class = IAMConnection

    def default_body(self):
        """Canned response body; presumably what set_http_response() serves."""
        # NOTE(review): shown here as bare values without element markup,
        # yet the test reads named keys from the parsed response -- confirm
        # this fixture against the upstream file.
        canned = b"""
S3-read-only-example-bucket
v1
AGPACKCEVSQ6C2EXAMPLE
/
arn:aws:iam::123456789012:policy/S3-read-only-example-bucket
9
2014-09-15T17:36:14Z
2014-09-15T20:31:47Z
My Awesome Policy
684f0917-3d22-11e4-a4a0-cffb9EXAMPLE
"""
        return canned

    def test_get_policy(self):
        """Check the GetPolicy request and the parsed ARN and description."""
        self.set_http_response(status_code=200)
        policy_arn = 'arn:aws:iam::123456789012:policy/S3-read-only-example-bucket'
        response = self.service_connection.get_policy(policy_arn)
        expected_params = {
            'Action': 'GetPolicy',
            'PolicyArn': policy_arn,
        }
        self.assert_request_parameters(expected_params,
                                       ignore_params_values=['Version'])
        # The policy record is looked up afresh for each assertion, as two
        # independent reads of the parsed response.
        self.assertEqual(
            response['get_policy_response']['get_policy_result']['policy']['arn'],
            policy_arn)
        self.assertEqual(
            response['get_policy_response']['get_policy_result']['policy'][
                'description'],
            'My Awesome Policy')
class TestGetPolicyVersion(AWSMockServiceTestCase):
    """Exercise ``IAMConnection.get_policy_version`` with a canned response."""

    connection_class = IAMConnection

    def default_body(self):
        """Canned response body; presumably what set_http_response() serves."""
        # NOTE(review): shown here as bare values without element markup,
        # yet the test reads named keys from the parsed response -- confirm
        # this fixture against the upstream file.
        # NOTE(review): the live GetPolicyVersion API returns the policy
        # document URL-encoded; this fixture carries raw JSON and the test
        # never reads the document, so decoding is not covered here.
        canned = b"""
{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":["s3:Get*","s3:List*"],
"Resource":["arn:aws:s3:::EXAMPLE-BUCKET","arn:aws:s3:::EXAMPLE-BUCKET/*"]}]}
true
v1
2014-09-15T20:31:47Z
d472f28e-3d23-11e4-a4a0-cffb9EXAMPLE
"""
        return canned

    def test_get_policy_version(self):
        """Check the GetPolicyVersion request and the parsed version id."""
        self.set_http_response(status_code=200)
        policy_arn = 'arn:aws:iam::123456789012:policy/S3-read-only-example-bucket'
        version_id = 'v1'
        response = self.service_connection.get_policy_version(policy_arn,
                                                              version_id)
        expected_params = {
            'Action': 'GetPolicyVersion',
            'PolicyArn': policy_arn,
            'VersionId': version_id,
        }
        self.assert_request_parameters(expected_params,
                                       ignore_params_values=['Version'])
        result = response['get_policy_version_response'][
            'get_policy_version_result']
        self.assertEqual(result['policy_version']['version_id'], version_id)
class TestListPolicies(AWSMockServiceTestCase):
    """Exercise ``IAMConnection.list_policies`` against a canned 200 response."""

    connection_class = IAMConnection

    def default_body(self):
        """Canned response body; presumably what set_http_response() serves."""
        # NOTE(review): shown here as bare values without element markup,
        # yet the test reads named keys from the parsed response -- confirm
        # this fixture against the upstream file.
        canned = b"""
true
EXAMPLEkakv9BCuUNFDtxWSyfzetYwEx2ADc8dnzfvERF5S6YMvXKx41t6gCl/eeaCX3Jo94/bKqezEAg8TEVS99EKFLxm3jtbpl25FDWEXAMPLE
ExamplePolicy
v1
AGPACKCEVSQ6C2EXAMPLE
/
arn:aws:iam::123456789012:policy/ExamplePolicy
2
2014-09-15T17:36:14Z
2014-09-15T20:31:47Z
PowerUserAccess
v1
AGPACKCEVSQ6C2EXAMPLE
/
arn:aws:iam::aws:policy/PowerUserAccess
0
2014-08-21T20:25:01Z
2014-08-21T20:25:01Z
AdministratorAccess
v1
AGPACKCEVSQ6C2EXAMPLE
/
arn:aws:iam::aws:policy/AdministratorAccess
1
2014-08-21T20:11:25Z
2014-08-21T20:11:25Z
ReadOnlyAccess
v1
AGPACKCEVSQ6C2EXAMPLE
/
arn:aws:iam::aws:policy/ReadOnlyAccess
6
2014-08-21T20:31:44Z
2014-08-21T20:31:44Z
6207e832-3eb7-11e4-9d0d-6f969EXAMPLE
"""
        return canned

    def test_list_policies(self):
        """Check the ListPolicies request, the page size and the truncation flag.

        The canned page is truncated (``is_truncated`` is the string
        ``'true'``), so it is only part of the full listing. Fetching the
        remaining pages is not exercised here, and a caller enumerating
        policies for an access review must not treat one page as complete.
        """
        self.set_http_response(status_code=200)
        page_size = 4
        response = self.service_connection.list_policies(max_items=page_size)
        expected_params = {
            'Action': 'ListPolicies',
            'MaxItems': page_size,
        }
        self.assert_request_parameters(expected_params,
                                       ignore_params_values=['Version'])
        self.assertEqual(
            len(response['list_policies_response']['list_policies_result'][
                'policies']),
            page_size)
        # The flag comes back as text, not as a bool.
        self.assertEqual(
            response['list_policies_response']['list_policies_result'][
                'is_truncated'],
            'true')
class TestListPolicyVersions(AWSMockServiceTestCase):
    """Exercise ``IAMConnection.list_policy_versions`` with a canned response."""

    connection_class = IAMConnection

    def default_body(self):
        """Canned response body; presumably what set_http_response() serves."""
        # NOTE(review): shown here as bare values without element markup,
        # yet the test reads named keys from the parsed response -- confirm
        # this fixture against the upstream file.
        canned = b"""
false
v3
2014-09-17T22:32:43Z
true
v2
2014-09-15T20:31:47Z
false
v1
2014-09-15T17:36:14Z
false
a31d1a86-3eba-11e4-9d0d-6f969EXAMPLE
"""
        return canned

    def test_list_policy_versions(self):
        """Check the ListPolicyVersions request and the number of versions parsed."""
        self.set_http_response(status_code=200)
        policy_arn = 'arn:aws:iam::123456789012:policy/S3-read-only-example-bucket'
        limit = 3
        response = self.service_connection.list_policy_versions(
            policy_arn, max_items=limit)
        expected_params = {
            'Action': 'ListPolicyVersions',
            'PolicyArn': policy_arn,
            'MaxItems': limit,
        }
        self.assert_request_parameters(expected_params,
                                       ignore_params_values=['Version'])
        result = response['list_policy_versions_response'][
            'list_policy_versions_result']
        # Only the count is checked; which version is the default one is
        # not asserted by this test.
        self.assertEqual(len(result['versions']), limit)
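class TestSetDefaultPolicyVersion(AWSMockServiceTestCase):
    """Exercise ``IAMConnection.set_default_policy_version`` with a canned response."""

    connection_class = IAMConnection

    def default_body(self):
        """Canned response body; presumably what set_http_response() serves."""
        # NOTE(review): shown here as a bare request id without element
        # markup, yet the test reads named keys from the parsed response --
        # confirm this fixture against the upstream file.
        return b"""
35f241af-3ebc-11e4-9d0d-6f969EXAMPLE
"""

    def test_set_default_policy_version(self):
        """Check the SetDefaultPolicyVersion request and the returned request id."""
        self.set_http_response(status_code=200)
        policy_arn = 'arn:aws:iam::123456789012:policy/S3-read-only-example-bucket'
        response = self.service_connection.set_default_policy_version(
            policy_arn, 'v1')
        self.assert_request_parameters(
            {'Action': 'SetDefaultPolicyVersion',
             'PolicyArn': policy_arn,
             'VersionId': 'v1'},
            ignore_params_values=['Version'])
        metadata = response['set_default_policy_version_response'][
            'response_metadata']
        # assertIn reports the missing key and the container on failure;
        # assertEqual(<membership test>, True) only says "False != True".
        self.assertIn('request_id', metadata)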
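class TestListEntitiesForPolicy(AWSMockServiceTestCase):
    """Exercise ``IAMConnection.list_entities_for_policy`` with a canned response."""

    connection_class = IAMConnection

    def default_body(self):
        """Canned response body; presumably what set_http_response() serves."""
        # NOTE(review): shown here as bare values without element markup,
        # yet the test reads named keys from the parsed response -- confirm
        # this fixture against the upstream file.
        return b"""
DevRole
Dev
false
Alice
Bob
eb358e22-9d1f-11e4-93eb-190ecEXAMPLE
"""

    def test_list_entities_for_policy(self):
        """Check the ListEntitiesForPolicy request and the parsed attachments.

        Asserts one role, one group and two users, and that Alice is among
        the users. The other role, group and user names are not checked.
        """
        self.set_http_response(status_code=200)
        policy_arn = 'arn:aws:iam::123456789012:policy/S3-read-only-example-bucket'
        response = self.service_connection.list_entities_for_policy(
            policy_arn)
        self.assert_request_parameters(
            {'Action': 'ListEntitiesForPolicy',
             'PolicyArn': policy_arn},
            ignore_params_values=['Version'])
        result = response['list_entities_for_policy_response'][
            'list_entities_for_policy_result']
        self.assertEqual(len(result['policy_roles']), 1)
        self.assertEqual(len(result['policy_groups']), 1)
        self.assertEqual(len(result['policy_users']), 2)
        # assertIn prints the parsed user list on failure;
        # assertEqual(<membership test>, True) only says "False != True".
        self.assertIn({'user_name': 'Alice'}, result['policy_users'])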
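class TestAttachGroupPolicy(AWSMockServiceTestCase):
    """Exercise ``IAMConnection.attach_group_policy`` with a canned response."""

    connection_class = IAMConnection

    def default_body(self):
        """Canned response body; presumably what set_http_response() serves."""
        # NOTE(review): shown here as a bare request id without element
        # markup, yet the test reads named keys from the parsed response --
        # confirm this fixture against the upstream file.
        return b"""
f8a7b7b9-3d01-11e4-bfad-8d1c6EXAMPLE
"""

    def test_attach_group_policy(self):
        """Check the AttachGroupPolicy request and the returned request id."""
        self.set_http_response(status_code=200)
        policy_arn = 'arn:aws:iam::123456789012:policy/S3-read-only-example-bucket'
        # Argument order is (policy ARN, group name).
        response = self.service_connection.attach_group_policy(policy_arn,
                                                               'Dev')
        self.assert_request_parameters(
            {'Action': 'AttachGroupPolicy',
             'PolicyArn': policy_arn,
             'GroupName': 'Dev'},
            ignore_params_values=['Version'])
        metadata = response['attach_group_policy_response'][
            'response_metadata']
        # assertIn reports the missing key and the container on failure;
        # assertEqual(<membership test>, True) only says "False != True".
        self.assertIn('request_id', metadata)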
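class TestAttachRolePolicy(AWSMockServiceTestCase):
    """Exercise ``IAMConnection.attach_role_policy`` with a canned response."""

    connection_class = IAMConnection

    def default_body(self):
        """Canned response body; presumably what set_http_response() serves."""
        # NOTE(review): shown here as a bare request id without element
        # markup, yet the test reads named keys from the parsed response --
        # confirm this fixture against the upstream file.
        return b"""
37a87673-3d07-11e4-bfad-8d1c6EXAMPLE
"""

    def test_attach_role_policy(self):
        """Check the AttachRolePolicy request and the returned request id."""
        self.set_http_response(status_code=200)
        policy_arn = 'arn:aws:iam::123456789012:policy/S3-read-only-example-bucket'
        # Argument order is (policy ARN, role name).
        response = self.service_connection.attach_role_policy(policy_arn,
                                                              'DevRole')
        self.assert_request_parameters(
            {'Action': 'AttachRolePolicy',
             'PolicyArn': policy_arn,
             'RoleName': 'DevRole'},
            ignore_params_values=['Version'])
        metadata = response['attach_role_policy_response'][
            'response_metadata']
        # assertIn reports the missing key and the container on failure;
        # assertEqual(<membership test>, True) only says "False != True".
        self.assertIn('request_id', metadata)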
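class TestAttachUserPolicy(AWSMockServiceTestCase):
    """Exercise ``IAMConnection.attach_user_policy`` with a canned response."""

    connection_class = IAMConnection

    def default_body(self):
        """Canned response body; presumably what set_http_response() serves."""
        # NOTE(review): shown here as a bare request id without element
        # markup, yet the test reads named keys from the parsed response --
        # confirm this fixture against the upstream file.
        return b"""
ed7e72d3-3d07-11e4-bfad-8d1c6EXAMPLE
"""

    def test_attach_user_policy(self):
        """Check the AttachUserPolicy request and the returned request id."""
        self.set_http_response(status_code=200)
        policy_arn = 'arn:aws:iam::123456789012:policy/S3-read-only-example-bucket'
        # Argument order is (policy ARN, user name).
        response = self.service_connection.attach_user_policy(policy_arn,
                                                              'Alice')
        self.assert_request_parameters(
            {'Action': 'AttachUserPolicy',
             'PolicyArn': policy_arn,
             'UserName': 'Alice'},
            ignore_params_values=['Version'])
        metadata = response['attach_user_policy_response'][
            'response_metadata']
        # assertIn reports the missing key and the container on failure;
        # assertEqual(<membership test>, True) only says "False != True".
        self.assertIn('request_id', metadata)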
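class TestDetachGroupPolicy(AWSMockServiceTestCase):
    """Exercise ``IAMConnection.detach_group_policy`` with a canned response."""

    connection_class = IAMConnection

    def default_body(self):
        """Canned response body; presumably what set_http_response() serves."""
        # NOTE(review): shown here as a bare request id without element
        # markup, yet the test reads named keys from the parsed response --
        # confirm this fixture against the upstream file.
        return b"""
d4faa7aa-3d1d-11e4-a4a0-cffb9EXAMPLE
"""

    def test_detach_group_policy(self):
        """Check the DetachGroupPolicy request and the returned request id."""
        self.set_http_response(status_code=200)
        policy_arn = 'arn:aws:iam::123456789012:policy/S3-read-only-example-bucket'
        # Argument order is (policy ARN, group name).
        response = self.service_connection.detach_group_policy(policy_arn,
                                                               'Dev')
        self.assert_request_parameters(
            {'Action': 'DetachGroupPolicy',
             'PolicyArn': policy_arn,
             'GroupName': 'Dev'},
            ignore_params_values=['Version'])
        metadata = response['detach_group_policy_response'][
            'response_metadata']
        # assertIn reports the missing key and the container on failure;
        # assertEqual(<membership test>, True) only says "False != True".
        self.assertIn('request_id', metadata)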
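class TestDetachRolePolicy(AWSMockServiceTestCase):
    """Exercise ``IAMConnection.detach_role_policy`` with a canned response."""

    connection_class = IAMConnection

    def default_body(self):
        """Canned response body; presumably what set_http_response() serves."""
        # NOTE(review): shown here as a bare request id without element
        # markup, yet the test reads named keys from the parsed response --
        # confirm this fixture against the upstream file.
        return b"""
4c80ccf4-3d1e-11e4-a4a0-cffb9EXAMPLE
"""

    def test_detach_role_policy(self):
        """Check the DetachRolePolicy request and the returned request id."""
        self.set_http_response(status_code=200)
        policy_arn = 'arn:aws:iam::123456789012:policy/S3-read-only-example-bucket'
        # Argument order is (policy ARN, role name).
        response = self.service_connection.detach_role_policy(policy_arn,
                                                              'DevRole')
        self.assert_request_parameters(
            {'Action': 'DetachRolePolicy',
             'PolicyArn': policy_arn,
             'RoleName': 'DevRole'},
            ignore_params_values=['Version'])
        metadata = response['detach_role_policy_response'][
            'response_metadata']
        # assertIn reports the missing key and the container on failure;
        # assertEqual(<membership test>, True) only says "False != True".
        self.assertIn('request_id', metadata)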
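class TestDetachUserPolicy(AWSMockServiceTestCase):
    """Exercise ``IAMConnection.detach_user_policy`` with a canned response."""

    connection_class = IAMConnection

    def default_body(self):
        """Canned response body; presumably what set_http_response() serves."""
        # NOTE(review): shown here as a bare request id without element
        # markup, yet the test reads named keys from the parsed response --
        # confirm this fixture against the upstream file.
        return b"""
85ba31fa-3d1f-11e4-a4a0-cffb9EXAMPLE
"""

    def test_detach_user_policy(self):
        """Check the DetachUserPolicy request and the returned request id."""
        self.set_http_response(status_code=200)
        policy_arn = 'arn:aws:iam::123456789012:policy/S3-read-only-example-bucket'
        # Argument order is (policy ARN, user name).
        response = self.service_connection.detach_user_policy(policy_arn,
                                                              'Alice')
        self.assert_request_parameters(
            {'Action': 'DetachUserPolicy',
             'PolicyArn': policy_arn,
             'UserName': 'Alice'},
            ignore_params_values=['Version'])
        metadata = response['detach_user_policy_response'][
            'response_metadata']
        # assertIn reports the missing key and the container on failure;
        # assertEqual(<membership test>, True) only says "False != True".
        self.assertIn('request_id', metadata)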