import boto3
import pytest
from botocore.exceptions import ClientError
from moto import mock_aws
from moto.core import DEFAULT_ACCOUNT_ID as ACCOUNT_ID
@mock_aws
def test_endpoints():
    """Check the address describe_endpoint returns for each endpoint type.

    Covers iot:Data, iot:Data-ATS, iot:CredentialProvider and iot:Jobs, then
    confirms that an unknown endpoint type is rejected with
    InvalidRequestException.
    """
    region_name = "ap-northeast-1"
    iot = boto3.client("iot", region_name=region_name)

    def address_for(endpoint_type):
        # Every case below only inspects the returned hostname.
        return iot.describe_endpoint(endpointType=endpoint_type)["endpointAddress"]

    # iot:Data -- the plain data endpoint must not carry the "ats" label.
    # NOTE(review): these are substring matches over the whole address; if the
    # mock puts a generated label in front of "iot.", a chance "ats" in that
    # label would fail the first assertion -- confirm against the backend.
    data_address = address_for("iot:Data")
    assert "ats" not in data_address
    assert f"iot.{region_name}.amazonaws.com" in data_address

    # Remaining endpoint types, each with the host fragment it must contain.
    expected_fragments = {
        "iot:Data-ATS": f"ats.iot.{region_name}.amazonaws.com",
        "iot:CredentialProvider": f"credentials.iot.{region_name}.amazonaws.com",
        "iot:Jobs": f"jobs.iot.{region_name}.amazonaws.com",
    }
    for endpoint_type, fragment in expected_fragments.items():
        assert fragment in address_for(endpoint_type)

    # An endpoint type outside the known set must be refused, not defaulted.
    with pytest.raises(ClientError) as exc:
        iot.describe_endpoint(endpointType="iot:Abc")
    assert exc.value.response["Error"]["Code"] == "InvalidRequestException"
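@mock_aws
def test_principal_policy():
    """Attach, re-attach and detach an IoT policy on a certificate principal.

    Verifies that:
      * attaching binds exactly the named policy to the certificate,
      * attaching the same policy a second time is a no-op,
      * the policy lists the certificate as its only principal,
      * detaching clears the binding on both sides, and
      * detaching a binding that no longer exists raises
        ResourceNotFoundException.
    """
    client = boto3.client("iot", region_name="ap-northeast-1")
    policy_name = "my-policy"
    doc = "{}"
    client.create_policy(policyName=policy_name, policyDocument=doc)
    cert = client.create_keys_and_certificate(setAsActive=True)
    cert_arn = cert["certificateArn"]
    expected_policy_arn = (
        f"arn:aws:iot:ap-northeast-1:{ACCOUNT_ID}:policy/{policy_name}"
    )

    def assert_only_expected_policy_attached():
        # Checking for "not None" alone would still pass if some other policy
        # were bound to the certificate, so pin the exact name and ARN, the
        # same way test_principal_policy_deprecated does.
        policies = client.list_principal_policies(principal=cert_arn)["policies"]
        assert len(policies) == 1
        assert policies[0]["policyName"] == policy_name
        assert policies[0]["policyArn"] == expected_policy_arn

    client.attach_policy(policyName=policy_name, target=cert_arn)
    assert_only_expected_policy_attached()

    # Attaching a policy that is already attached must not create a duplicate.
    client.attach_policy(policyName=policy_name, target=cert_arn)
    assert_only_expected_policy_attached()

    res = client.list_policy_principals(policyName=policy_name)
    assert len(res["principals"]) == 1
    assert res["principals"][0].startswith(
        f"arn:aws:iot:ap-northeast-1:{ACCOUNT_ID}:cert/"
    )

    # After detach neither lookup direction may still report the binding.
    client.detach_policy(policyName=policy_name, target=cert_arn)
    res = client.list_principal_policies(principal=cert_arn)
    assert len(res["policies"]) == 0
    res = client.list_policy_principals(policyName=policy_name)
    assert len(res["principals"]) == 0

    # Detaching again must fail loudly instead of succeeding silently.
    with pytest.raises(ClientError) as e:
        client.detach_policy(policyName=policy_name, target=cert_arn)
    assert e.value.response["Error"]["Code"] == "ResourceNotFoundException"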
@mock_aws
def test_principal_policy_deprecated():
    """Attach and detach a policy via the *_principal_policy calls.

    Same certificate/policy round trip as the attach_policy/detach_policy
    variant, but through attach_principal_policy and detach_principal_policy,
    which this test's name marks as the deprecated API.
    """
    iot = boto3.client("iot", region_name="ap-northeast-1")
    policy_name = "my-policy"
    iot.create_policy(policyName=policy_name, policyDocument="{}")
    cert_arn = iot.create_keys_and_certificate(setAsActive=True)["certificateArn"]

    iot.attach_principal_policy(policyName=policy_name, principal=cert_arn)

    # The certificate must carry exactly the policy that was attached.
    attached = iot.list_principal_policies(principal=cert_arn)["policies"]
    assert len(attached) == 1
    only_policy = attached[0]
    assert only_policy["policyName"] == "my-policy"
    assert (
        only_policy["policyArn"]
        == f"arn:aws:iot:ap-northeast-1:{ACCOUNT_ID}:policy/my-policy"
    )

    # ...and the policy must list a certificate of this account and region.
    principals = iot.list_policy_principals(policyName=policy_name)["principals"]
    assert len(principals) == 1
    assert principals[0].startswith(f"arn:aws:iot:ap-northeast-1:{ACCOUNT_ID}:cert/")

    # Detaching has to empty both views of the binding.
    iot.detach_principal_policy(policyName=policy_name, principal=cert_arn)
    assert len(iot.list_principal_policies(principal=cert_arn)["policies"]) == 0
    assert len(iot.list_policy_principals(policyName=policy_name)["principals"]) == 0
@mock_aws
def test_principal_thing():
    """Attach a certificate to a thing, detach it, and query an unknown thing.

    Checks both lookup directions (things of a principal, principals of a
    thing) before and after the detach, then the error returned when listing
    principals for a thing that was never created.
    """
    iot = boto3.client("iot", region_name="ap-northeast-1")
    thing_name = "my-thing"
    iot.create_thing(thingName=thing_name)
    cert_arn = iot.create_keys_and_certificate(setAsActive=True)["certificateArn"]

    iot.attach_thing_principal(thingName=thing_name, principal=cert_arn)

    # Principal -> things: only the thing that was just attached.
    things = iot.list_principal_things(principal=cert_arn)["things"]
    assert len(things) == 1
    assert things[0] == thing_name

    # Thing -> principals: a single certificate ARN in this account and region.
    principals = iot.list_thing_principals(thingName=thing_name)["principals"]
    assert len(principals) == 1
    assert principals[0].startswith(f"arn:aws:iot:ap-northeast-1:{ACCOUNT_ID}:cert/")

    # Once detached, neither direction may still report the association.
    iot.detach_thing_principal(thingName=thing_name, principal=cert_arn)
    assert len(iot.list_principal_things(principal=cert_arn)["things"]) == 0
    assert len(iot.list_thing_principals(thingName=thing_name)["principals"]) == 0

    # A thing name that does not exist is an error, not an empty list.
    with pytest.raises(ClientError) as e:
        iot.list_thing_principals(thingName="xxx")
    error = e.value.response["Error"]
    assert error["Code"] == "ResourceNotFoundException"
    assert (
        error["Message"]
        == "Failed to list principals for thing xxx because the thing does not exist in your account"
    )