#!/usr/bin/env python
# Copyright (c) 2015 Shaun Brady. All Rights Reserved
#
# Permission is hereby granted, free of charge, to any person obtaining a
# copy of this software and associated documentation files (the
# "Software"), to deal in the Software without restriction, including
# without limitation the rights to use, copy, modify, merge, publish, dis-
# tribute, sublicense, and/or sell copies of the Software, and to permit
# persons to whom the Software is furnished to do so, subject to the fol-
# lowing conditions:
#
# The above copyright notice and this permission notice shall be included
# in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
# OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABIL-
# ITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT
# SHALL THE AUTHOR BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
# WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
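#
from boto.compat import json
from boto.iam.connection import IAMConnection
from tests.unit import AWSMockServiceTestCase

# NOTE(review): the canned response bodies in this listing had lost their XML
# element tags (only the text values were left), so they could not be parsed
# into the dictionaries the assertions index.  The markup below is rebuilt
# from the keys each test reads back plus the IAM response element names;
# every value is the one that was already in the listing.

# Identifiers shared by the fixtures.  The account id and the *EXAMPLE ids in
# the response bodies are sample values, not live resources.
POLICY_NAME = 'S3-read-only-example-bucket'
POLICY_ARN = 'arn:aws:iam::123456789012:policy/S3-read-only-example-bucket'

# Policy document sent by the two create tests.  The statement denies every
# S3 action on every resource even though the policy name says "read-only":
# nothing here evaluates the policy, the tests only check that the document
# is forwarded unchanged as the PolicyDocument request parameter.
POLICY_DOCUMENT = (
    ' { "Version": "2012-10-17", "Statement": [ '
    '{ "Sid": "Stmt1430948004000", "Effect": "Deny", '
    '"Action": [ "s3:*" ], "Resource": [ "*" ] } ] } '
)


class TestCreatePolicy(AWSMockServiceTestCase):
    """create_policy: request parameters and the parsed policy name."""

    connection_class = IAMConnection

    def default_body(self):
        """Return the canned CreatePolicy response served to the client."""
        return b"""
<CreatePolicyResponse>
  <CreatePolicyResult>
    <Policy>
      <PolicyName>S3-read-only-example-bucket</PolicyName>
      <DefaultVersionId>v1</DefaultVersionId>
      <PolicyId>AGPACKCEVSQ6C2EXAMPLE</PolicyId>
      <Path>/</Path>
      <Arn>arn:aws:iam::123456789012:policy/S3-read-only-example-bucket</Arn>
      <AttachmentCount>0</AttachmentCount>
      <CreateDate>2014-09-15T17:36:14.673Z</CreateDate>
      <UpdateDate>2014-09-15T17:36:14.673Z</UpdateDate>
    </Policy>
  </CreatePolicyResult>
  <ResponseMetadata>
    <RequestId>ca64c9e1-3cfe-11e4-bfad-8d1c6EXAMPLE</RequestId>
  </ResponseMetadata>
</CreatePolicyResponse>
        """

    def test_create_policy(self):
        """The document is sent verbatim and Path defaults to '/'."""
        self.set_http_response(status_code=200)
        response = self.service_connection.create_policy(
            POLICY_NAME, POLICY_DOCUMENT)
        self.assert_request_parameters(
            {'Action': 'CreatePolicy',
             'PolicyDocument': POLICY_DOCUMENT,
             'Path': '/',
             'PolicyName': POLICY_NAME},
            ignore_params_values=['Version'])
        result = response['create_policy_response']['create_policy_result']
        self.assertEqual(result['policy']['policy_name'], POLICY_NAME)


class TestCreatePolicyVersion(AWSMockServiceTestCase):
    """create_policy_version: SetAsDefault is serialised as 'true'."""

    connection_class = IAMConnection

    def default_body(self):
        """Return the canned CreatePolicyVersion response."""
        return b"""
<CreatePolicyVersionResponse>
  <CreatePolicyVersionResult>
    <PolicyVersion>
      <IsDefaultVersion>true</IsDefaultVersion>
      <VersionId>v2</VersionId>
      <CreateDate>2014-09-15T19:58:59.430Z</CreateDate>
    </PolicyVersion>
  </CreatePolicyVersionResult>
  <ResponseMetadata>
    <RequestId>bb551b92-3d12-11e4-bfad-8d1c6EXAMPLE</RequestId>
  </ResponseMetadata>
</CreatePolicyVersionResponse>
        """

    def test_create_policy_version(self):
        """A new version created with set_as_default=True is the default."""
        self.set_http_response(status_code=200)
        response = self.service_connection.create_policy_version(
            POLICY_ARN, POLICY_DOCUMENT, set_as_default=True)
        self.assert_request_parameters(
            {'Action': 'CreatePolicyVersion',
             'PolicyDocument': POLICY_DOCUMENT,
             'SetAsDefault': 'true',
             'PolicyArn': POLICY_ARN},
            ignore_params_values=['Version'])
        result = (response['create_policy_version_response']
                  ['create_policy_version_result'])
        # The parsed value is the string 'true', not a bool.
        self.assertEqual(
            result['policy_version']['is_default_version'], 'true')


class TestDeletePolicy(AWSMockServiceTestCase):
    """delete_policy: only the policy ARN is sent."""

    connection_class = IAMConnection

    def default_body(self):
        """Return the canned DeletePolicy response (metadata only)."""
        return b"""
<DeletePolicyResponse>
  <ResponseMetadata>
    <RequestId>4706281b-3d19-11e4-a4a0-cffb9EXAMPLE</RequestId>
  </ResponseMetadata>
</DeletePolicyResponse>
        """

    def test_delete_policy(self):
        """The response carries a request id."""
        self.set_http_response(status_code=200)
        response = self.service_connection.delete_policy(POLICY_ARN)
        self.assert_request_parameters(
            {'Action': 'DeletePolicy',
             'PolicyArn': POLICY_ARN},
            ignore_params_values=['Version'])
        metadata = response['delete_policy_response']['response_metadata']
        self.assertIn('request_id', metadata)


class TestDeletePolicyVersion(AWSMockServiceTestCase):
    """delete_policy_version: ARN and version id are sent."""

    connection_class = IAMConnection

    def default_body(self):
        """Return the canned DeletePolicyVersion response (metadata only)."""
        return b"""
<DeletePolicyVersionResponse>
  <ResponseMetadata>
    <RequestId>268e1556-3d19-11e4-a4a0-cffb9EXAMPLE</RequestId>
  </ResponseMetadata>
</DeletePolicyVersionResponse>
        """

    def test_delete_policy_version(self):
        """The response carries a request id."""
        self.set_http_response(status_code=200)
        response = self.service_connection.delete_policy_version(
            POLICY_ARN, 'v1')
        self.assert_request_parameters(
            {'Action': 'DeletePolicyVersion',
             'PolicyArn': POLICY_ARN,
             'VersionId': 'v1'},
            ignore_params_values=['Version'])
        metadata = (response['delete_policy_version_response']
                    ['response_metadata'])
        self.assertIn('request_id', metadata)


class TestGetPolicy(AWSMockServiceTestCase):
    """get_policy: ARN and description are parsed from the response."""

    connection_class = IAMConnection

    def default_body(self):
        """Return the canned GetPolicy response."""
        return b"""
<GetPolicyResponse>
  <GetPolicyResult>
    <Policy>
      <PolicyName>S3-read-only-example-bucket</PolicyName>
      <DefaultVersionId>v1</DefaultVersionId>
      <PolicyId>AGPACKCEVSQ6C2EXAMPLE</PolicyId>
      <Path>/</Path>
      <Arn>arn:aws:iam::123456789012:policy/S3-read-only-example-bucket</Arn>
      <AttachmentCount>9</AttachmentCount>
      <CreateDate>2014-09-15T17:36:14Z</CreateDate>
      <UpdateDate>2014-09-15T20:31:47Z</UpdateDate>
      <Description>My Awesome Policy</Description>
    </Policy>
  </GetPolicyResult>
  <ResponseMetadata>
    <RequestId>684f0917-3d22-11e4-a4a0-cffb9EXAMPLE</RequestId>
  </ResponseMetadata>
</GetPolicyResponse>
        """

    def test_get_policy(self):
        """The returned policy has the requested ARN and its description."""
        self.set_http_response(status_code=200)
        response = self.service_connection.get_policy(POLICY_ARN)
        self.assert_request_parameters(
            {'Action': 'GetPolicy',
             'PolicyArn': POLICY_ARN},
            ignore_params_values=['Version'])
        policy = (response['get_policy_response']
                  ['get_policy_result']
                  ['policy'])
        self.assertEqual(policy['arn'], POLICY_ARN)
        self.assertEqual(policy['description'], 'My Awesome Policy')


class TestGetPolicyVersion(AWSMockServiceTestCase):
    """get_policy_version: the version id is parsed from the response."""

    connection_class = IAMConnection

    def default_body(self):
        """Return the canned GetPolicyVersion response.

        The embedded document allows s3:Get* and s3:List* on EXAMPLE-BUCKET
        only; the test does not inspect it.
        """
        return b"""
<GetPolicyVersionResponse>
  <GetPolicyVersionResult>
    <PolicyVersion>
      <Document>
      {"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":["s3:Get*","s3:List*"],
      "Resource":["arn:aws:s3:::EXAMPLE-BUCKET","arn:aws:s3:::EXAMPLE-BUCKET/*"]}]}
      </Document>
      <IsDefaultVersion>true</IsDefaultVersion>
      <VersionId>v1</VersionId>
      <CreateDate>2014-09-15T20:31:47Z</CreateDate>
    </PolicyVersion>
  </GetPolicyVersionResult>
  <ResponseMetadata>
    <RequestId>d472f28e-3d23-11e4-a4a0-cffb9EXAMPLE</RequestId>
  </ResponseMetadata>
</GetPolicyVersionResponse>
        """

    def test_get_policy_version(self):
        """The returned version id matches the one requested."""
        self.set_http_response(status_code=200)
        response = self.service_connection.get_policy_version(
            POLICY_ARN, 'v1')
        self.assert_request_parameters(
            {'Action': 'GetPolicyVersion',
             'PolicyArn': POLICY_ARN,
             'VersionId': 'v1'},
            ignore_params_values=['Version'])
        result = (response['get_policy_version_response']
                  ['get_policy_version_result'])
        self.assertEqual(result['policy_version']['version_id'], 'v1')


class TestListPolicies(AWSMockServiceTestCase):
    """list_policies: MaxItems is sent and a truncated page is parsed."""

    connection_class = IAMConnection

    def default_body(self):
        """Return a truncated ListPolicies page holding four policies."""
        return b"""
<ListPoliciesResponse>
  <ListPoliciesResult>
    <IsTruncated>true</IsTruncated>
    <Marker>EXAMPLEkakv9BCuUNFDtxWSyfzetYwEx2ADc8dnzfvERF5S6YMvXKx41t6gCl/eeaCX3Jo94/bKqezEAg8TEVS99EKFLxm3jtbpl25FDWEXAMPLE</Marker>
    <Policies>
      <member>
        <PolicyName>ExamplePolicy</PolicyName>
        <DefaultVersionId>v1</DefaultVersionId>
        <PolicyId>AGPACKCEVSQ6C2EXAMPLE</PolicyId>
        <Path>/</Path>
        <Arn>arn:aws:iam::123456789012:policy/ExamplePolicy</Arn>
        <AttachmentCount>2</AttachmentCount>
        <CreateDate>2014-09-15T17:36:14Z</CreateDate>
        <UpdateDate>2014-09-15T20:31:47Z</UpdateDate>
      </member>
      <member>
        <PolicyName>PowerUserAccess</PolicyName>
        <DefaultVersionId>v1</DefaultVersionId>
        <PolicyId>AGPACKCEVSQ6C2EXAMPLE</PolicyId>
        <Path>/</Path>
        <Arn>arn:aws:iam::aws:policy/PowerUserAccess</Arn>
        <AttachmentCount>0</AttachmentCount>
        <CreateDate>2014-08-21T20:25:01Z</CreateDate>
        <UpdateDate>2014-08-21T20:25:01Z</UpdateDate>
      </member>
      <member>
        <PolicyName>AdministratorAccess</PolicyName>
        <DefaultVersionId>v1</DefaultVersionId>
        <PolicyId>AGPACKCEVSQ6C2EXAMPLE</PolicyId>
        <Path>/</Path>
        <Arn>arn:aws:iam::aws:policy/AdministratorAccess</Arn>
        <AttachmentCount>1</AttachmentCount>
        <CreateDate>2014-08-21T20:11:25Z</CreateDate>
        <UpdateDate>2014-08-21T20:11:25Z</UpdateDate>
      </member>
      <member>
        <PolicyName>ReadOnlyAccess</PolicyName>
        <DefaultVersionId>v1</DefaultVersionId>
        <PolicyId>AGPACKCEVSQ6C2EXAMPLE</PolicyId>
        <Path>/</Path>
        <Arn>arn:aws:iam::aws:policy/ReadOnlyAccess</Arn>
        <AttachmentCount>6</AttachmentCount>
        <CreateDate>2014-08-21T20:31:44Z</CreateDate>
        <UpdateDate>2014-08-21T20:31:44Z</UpdateDate>
      </member>
    </Policies>
  </ListPoliciesResult>
  <ResponseMetadata>
    <RequestId>6207e832-3eb7-11e4-9d0d-6f969EXAMPLE</RequestId>
  </ResponseMetadata>
</ListPoliciesResponse>
        """

    def test_list_policies(self):
        """Four policies come back and the page is flagged as truncated."""
        self.set_http_response(status_code=200)
        response = self.service_connection.list_policies(max_items=4)
        self.assert_request_parameters(
            {'Action': 'ListPolicies',
             'MaxItems': 4},
            ignore_params_values=['Version'])
        result = response['list_policies_response']['list_policies_result']
        self.assertEqual(len(result['policies']), 4)
        # A caller that ignores this flag sees only part of the policy set.
        self.assertEqual(result['is_truncated'], 'true')


class TestListPolicyVersions(AWSMockServiceTestCase):
    """list_policy_versions: ARN and MaxItems are sent."""

    connection_class = IAMConnection

    def default_body(self):
        """Return a ListPolicyVersions page with v3, v2 (default) and v1."""
        return b"""
<ListPolicyVersionsResponse>
  <ListPolicyVersionsResult>
    <Versions>
      <member>
        <IsDefaultVersion>false</IsDefaultVersion>
        <VersionId>v3</VersionId>
        <CreateDate>2014-09-17T22:32:43Z</CreateDate>
      </member>
      <member>
        <IsDefaultVersion>true</IsDefaultVersion>
        <VersionId>v2</VersionId>
        <CreateDate>2014-09-15T20:31:47Z</CreateDate>
      </member>
      <member>
        <IsDefaultVersion>false</IsDefaultVersion>
        <VersionId>v1</VersionId>
        <CreateDate>2014-09-15T17:36:14Z</CreateDate>
      </member>
    </Versions>
    <IsTruncated>false</IsTruncated>
  </ListPolicyVersionsResult>
  <ResponseMetadata>
    <RequestId>a31d1a86-3eba-11e4-9d0d-6f969EXAMPLE</RequestId>
  </ResponseMetadata>
</ListPolicyVersionsResponse>
        """

    def test_list_policy_versions(self):
        """All three versions in the fixture are returned."""
        self.set_http_response(status_code=200)
        response = self.service_connection.list_policy_versions(
            POLICY_ARN, max_items=3)
        self.assert_request_parameters(
            {'Action': 'ListPolicyVersions',
             'PolicyArn': POLICY_ARN,
             'MaxItems': 3},
            ignore_params_values=['Version'])
        result = (response['list_policy_versions_response']
                  ['list_policy_versions_result'])
        self.assertEqual(len(result['versions']), 3)


class TestSetDefaultPolicyVersion(AWSMockServiceTestCase):
    """set_default_policy_version: ARN and version id are sent."""

    connection_class = IAMConnection

    def default_body(self):
        """Return the canned SetDefaultPolicyVersion response."""
        return b"""
<SetDefaultPolicyVersionResponse>
  <ResponseMetadata>
    <RequestId>35f241af-3ebc-11e4-9d0d-6f969EXAMPLE</RequestId>
  </ResponseMetadata>
</SetDefaultPolicyVersionResponse>
        """

    def test_set_default_policy_version(self):
        """The response carries a request id."""
        self.set_http_response(status_code=200)
        response = self.service_connection.set_default_policy_version(
            POLICY_ARN, 'v1')
        self.assert_request_parameters(
            {'Action': 'SetDefaultPolicyVersion',
             'PolicyArn': POLICY_ARN,
             'VersionId': 'v1'},
            ignore_params_values=['Version'])
        metadata = (response['set_default_policy_version_response']
                    ['response_metadata'])
        self.assertIn('request_id', metadata)


class TestListEntitiesForPolicy(AWSMockServiceTestCase):
    """list_entities_for_policy: roles, groups and users are parsed."""

    connection_class = IAMConnection

    def default_body(self):
        """Return a response with one role, one group and two users."""
        return b"""
<ListEntitiesForPolicyResponse>
  <ListEntitiesForPolicyResult>
    <PolicyRoles>
      <member>
        <RoleName>DevRole</RoleName>
      </member>
    </PolicyRoles>
    <PolicyGroups>
      <member>
        <GroupName>Dev</GroupName>
      </member>
    </PolicyGroups>
    <IsTruncated>false</IsTruncated>
    <PolicyUsers>
      <member>
        <UserName>Alice</UserName>
      </member>
      <member>
        <UserName>Bob</UserName>
      </member>
    </PolicyUsers>
  </ListEntitiesForPolicyResult>
  <ResponseMetadata>
    <RequestId>eb358e22-9d1f-11e4-93eb-190ecEXAMPLE</RequestId>
  </ResponseMetadata>
</ListEntitiesForPolicyResponse>
        """

    def test_list_entities_for_policy(self):
        """Each entity list has the fixture's size and Alice is a user."""
        self.set_http_response(status_code=200)
        response = self.service_connection.list_entities_for_policy(
            POLICY_ARN)
        self.assert_request_parameters(
            {'Action': 'ListEntitiesForPolicy',
             'PolicyArn': POLICY_ARN},
            ignore_params_values=['Version'])
        result = (response['list_entities_for_policy_response']
                  ['list_entities_for_policy_result'])
        self.assertEqual(len(result['policy_roles']), 1)
        self.assertEqual(len(result['policy_groups']), 1)
        self.assertEqual(len(result['policy_users']), 2)
        self.assertIn({'user_name': 'Alice'}, result['policy_users'])


class TestAttachGroupPolicy(AWSMockServiceTestCase):
    """attach_group_policy: ARN and group name are sent."""

    connection_class = IAMConnection

    def default_body(self):
        """Return the canned AttachGroupPolicy response (metadata only)."""
        return b"""
<AttachGroupPolicyResponse>
  <ResponseMetadata>
    <RequestId>f8a7b7b9-3d01-11e4-bfad-8d1c6EXAMPLE</RequestId>
  </ResponseMetadata>
</AttachGroupPolicyResponse>
        """

    def test_attach_group_policy(self):
        """The response carries a request id."""
        self.set_http_response(status_code=200)
        response = self.service_connection.attach_group_policy(
            POLICY_ARN, 'Dev')
        self.assert_request_parameters(
            {'Action': 'AttachGroupPolicy',
             'PolicyArn': POLICY_ARN,
             'GroupName': 'Dev'},
            ignore_params_values=['Version'])
        metadata = (response['attach_group_policy_response']
                    ['response_metadata'])
        self.assertIn('request_id', metadata)


class TestAttachRolePolicy(AWSMockServiceTestCase):
    """attach_role_policy: ARN and role name are sent."""

    connection_class = IAMConnection

    def default_body(self):
        """Return the canned AttachRolePolicy response (metadata only)."""
        return b"""
<AttachRolePolicyResponse>
  <ResponseMetadata>
    <RequestId>37a87673-3d07-11e4-bfad-8d1c6EXAMPLE</RequestId>
  </ResponseMetadata>
</AttachRolePolicyResponse>
        """

    def test_attach_role_policy(self):
        """The response carries a request id."""
        self.set_http_response(status_code=200)
        response = self.service_connection.attach_role_policy(
            POLICY_ARN, 'DevRole')
        self.assert_request_parameters(
            {'Action': 'AttachRolePolicy',
             'PolicyArn': POLICY_ARN,
             'RoleName': 'DevRole'},
            ignore_params_values=['Version'])
        metadata = (response['attach_role_policy_response']
                    ['response_metadata'])
        self.assertIn('request_id', metadata)


class TestAttachUserPolicy(AWSMockServiceTestCase):
    """attach_user_policy: ARN and user name are sent."""

    connection_class = IAMConnection

    def default_body(self):
        """Return the canned AttachUserPolicy response (metadata only)."""
        return b"""
<AttachUserPolicyResponse>
  <ResponseMetadata>
    <RequestId>ed7e72d3-3d07-11e4-bfad-8d1c6EXAMPLE</RequestId>
  </ResponseMetadata>
</AttachUserPolicyResponse>
        """

    def test_attach_user_policy(self):
        """The response carries a request id."""
        self.set_http_response(status_code=200)
        response = self.service_connection.attach_user_policy(
            POLICY_ARN, 'Alice')
        self.assert_request_parameters(
            {'Action': 'AttachUserPolicy',
             'PolicyArn': POLICY_ARN,
             'UserName': 'Alice'},
            ignore_params_values=['Version'])
        metadata = (response['attach_user_policy_response']
                    ['response_metadata'])
        self.assertIn('request_id', metadata)


class TestDetachGroupPolicy(AWSMockServiceTestCase):
    """detach_group_policy: ARN and group name are sent."""

    connection_class = IAMConnection

    def default_body(self):
        """Return the canned DetachGroupPolicy response (metadata only)."""
        return b"""
<DetachGroupPolicyResponse>
  <ResponseMetadata>
    <RequestId>d4faa7aa-3d1d-11e4-a4a0-cffb9EXAMPLE</RequestId>
  </ResponseMetadata>
</DetachGroupPolicyResponse>
        """

    def test_detach_group_policy(self):
        """The response carries a request id."""
        self.set_http_response(status_code=200)
        response = self.service_connection.detach_group_policy(
            POLICY_ARN, 'Dev')
        self.assert_request_parameters(
            {'Action': 'DetachGroupPolicy',
             'PolicyArn': POLICY_ARN,
             'GroupName': 'Dev'},
            ignore_params_values=['Version'])
        metadata = (response['detach_group_policy_response']
                    ['response_metadata'])
        self.assertIn('request_id', metadata)


class TestDetachRolePolicy(AWSMockServiceTestCase):
    """detach_role_policy: ARN and role name are sent."""

    connection_class = IAMConnection

    def default_body(self):
        """Return the canned DetachRolePolicy response (metadata only)."""
        return b"""
<DetachRolePolicyResponse>
  <ResponseMetadata>
    <RequestId>4c80ccf4-3d1e-11e4-a4a0-cffb9EXAMPLE</RequestId>
  </ResponseMetadata>
</DetachRolePolicyResponse>
        """

    def test_detach_role_policy(self):
        """The response carries a request id."""
        self.set_http_response(status_code=200)
        response = self.service_connection.detach_role_policy(
            POLICY_ARN, 'DevRole')
        self.assert_request_parameters(
            {'Action': 'DetachRolePolicy',
             'PolicyArn': POLICY_ARN,
             'RoleName': 'DevRole'},
            ignore_params_values=['Version'])
        metadata = (response['detach_role_policy_response']
                    ['response_metadata'])
        self.assertIn('request_id', metadata)


class TestDetachUserPolicy(AWSMockServiceTestCase):
    """detach_user_policy: ARN and user name are sent."""

    connection_class = IAMConnection

    def default_body(self):
        """Return the canned DetachUserPolicy response (metadata only)."""
        return b"""
<DetachUserPolicyResponse>
  <ResponseMetadata>
    <RequestId>85ba31fa-3d1f-11e4-a4a0-cffb9EXAMPLE</RequestId>
  </ResponseMetadata>
</DetachUserPolicyResponse>
        """

    def test_detach_user_policy(self):
        """The response carries a request id."""
        self.set_http_response(status_code=200)
        response = self.service_connection.detach_user_policy(
            POLICY_ARN, 'Alice')
        self.assert_request_parameters(
            {'Action': 'DetachUserPolicy',
             'PolicyArn': POLICY_ARN,
             'UserName': 'Alice'},
            ignore_params_values=['Version'])
        metadata = (response['detach_user_policy_response']
                    ['response_metadata'])
        self.assertIn('request_id', metadata)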