Yasuke/moto
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
moto/tests/test_iam/test_iam_policies.py

1638 lines
50 KiB
Python
Raw Normal View History

Created tests for policy documents.
2019-06-30 13:47:17 +02:00
import json
import boto3
from botocore.exceptions import ClientError
Port test suite from nose to pytest. This just eliminates all errors on the tests collection. Elimination of failures is left to the next commit.
2020-10-06 07:54:49 +02:00
import pytest
Pylint - Enable more rules on source and tests-directory (#4929)
2022-03-11 20:28:45 -01:00
import sure # noqa # pylint: disable=unused-import
Created tests for policy documents.
2019-06-30 13:47:17 +02:00
from moto import mock_iam
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
invalid_policy_document_test_cases = [
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
{
"document": "This is not a json document",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"error_message": "Syntax errors in policy.",
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
},
{
"document": {
"Statement": {
"Effect": "Allow",
"Action": "s3:ListBucket",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Resource": "arn:aws:s3:::example_bucket",
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
}
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"error_message": "Policy document must be version 2012-10-17 or greater.",
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
},
{
"document": {
"Version": "2008-10-17",
"Statement": {
"Effect": "Allow",
"Action": "s3:ListBucket",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Resource": "arn:aws:s3:::example_bucket",
},
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"error_message": "Policy document must be version 2012-10-17 or greater.",
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
},
{
"document": {
"Version": "2013-10-17",
"Statement": {
"Effect": "Allow",
"Action": "s3:ListBucket",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Resource": "arn:aws:s3:::example_bucket",
},
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"error_message": "Syntax errors in policy.",
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
},
{
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"document": {"Version": "2012-10-17"},
"error_message": "Syntax errors in policy.",
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
},
{
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"document": {"Version": "2012-10-17", "Statement": ["afd"]},
"error_message": "Syntax errors in policy.",
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
},
{
"document": {
"Version": "2012-10-17",
"Statement": {
"Effect": "Allow",
"Action": "s3:ListBucket",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Resource": "arn:aws:s3:::example_bucket",
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Extra field": "value",
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"error_message": "Syntax errors in policy.",
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
},
{
"document": {
"Version": "2012-10-17",
"Statement": {
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::example_bucket",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Extra field": "value",
},
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"error_message": "Syntax errors in policy.",
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
},
{
"document": {
"Version": "2012-10-17",
"Id": ["cd3a324d2343d942772346-34234234423404-4c2242343242349d1642ee"],
"Statement": {
"Effect": "Allow",
"Action": "s3:ListBucket",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Resource": "arn:aws:s3:::example_bucket",
},
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"error_message": "Syntax errors in policy.",
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
},
{
"document": {
"Version": "2012-10-17",
"Id": {},
"Statement": {
"Effect": "Allow",
"Action": "s3:ListBucket",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Resource": "arn:aws:s3:::example_bucket",
},
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"error_message": "Syntax errors in policy.",
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
},
{
"document": {
"Version": "2012-10-17",
"Statement": {
"Effect": "invalid",
"Action": "s3:ListBucket",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Resource": "arn:aws:s3:::example_bucket",
},
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"error_message": "Syntax errors in policy.",
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
},
{
"document": {
"Version": "2012-10-17",
"Statement": {
"Effect": "Allow",
"Action": "invalid",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Resource": "arn:aws:s3:::example_bucket",
},
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"error_message": "Actions/Conditions must be prefaced by a vendor, e.g., iam, sdb, ec2, etc.",
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
},
Added more tests.
2019-06-30 20:33:17 +02:00
{
"document": {
"Version": "2012-10-17",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Statement": {
"Effect": "Allow",
"NotAction": "",
"Resource": "arn:aws:s3:::example_bucket",
},
Added more tests.
2019-06-30 20:33:17 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"error_message": "Actions/Conditions must be prefaced by a vendor, e.g., iam, sdb, ec2, etc.",
Added more tests.
2019-06-30 20:33:17 +02:00
},
Implemented validating action prefixes.
2019-06-30 18:48:27 +02:00
{
"document": {
"Version": "2012-10-17",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Statement": {
"Effect": "Allow",
"Action": "a a:ListBucket",
"Resource": "arn:aws:s3:::example_bucket",
},
Implemented validating action prefixes.
2019-06-30 18:48:27 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"error_message": "Vendor a a is not valid",
Implemented validating action prefixes.
2019-06-30 18:48:27 +02:00
},
{
"document": {
"Version": "2012-10-17",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Statement": {
"Effect": "Allow",
"Action": "s3:List:Bucket",
"Resource": "arn:aws:s3:::example_bucket",
},
Implemented validating action prefixes.
2019-06-30 18:48:27 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"error_message": "Actions/Condition can contain only one colon.",
Implemented validating action prefixes.
2019-06-30 18:48:27 +02:00
},
Added more tests.
2019-06-30 20:33:17 +02:00
{
"document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3s:ListBucket",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Resource": "arn:aws:s3:::example_bucket",
Added more tests.
2019-06-30 20:33:17 +02:00
},
{
"Effect": "Allow",
"Action": "s:3s:ListBucket",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Resource": "arn:aws:s3:::example_bucket",
},
],
Added more tests.
2019-06-30 20:33:17 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"error_message": "Actions/Condition can contain only one colon.",
Added more tests.
2019-06-30 20:33:17 +02:00
},
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
{
"document": {
"Version": "2012-10-17",
"Statement": {
"Effect": "Allow",
"Action": "s3:ListBucket",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Resource": "invalid resource",
},
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"error_message": 'Resource invalid resource must be in ARN format or "*".',
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
},
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
{
"document": {
"Version": "2012-10-17",
"Statement": [
{
"Sid": "EnableDisableHongKong",
"Effect": "Allow",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Action": ["account:EnableRegion", "account:DisableRegion"],
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
"Resource": "",
"Condition": {
"StringEquals": {"account:TargetRegion": "ap-east-1"}
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
},
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
{
"Sid": "ViewConsole",
"Effect": "Allow",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Action": ["aws-portal:ViewAccount", "account:ListRegions"],
"Resource": "",
},
],
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"error_message": 'Resource must be in ARN format or "*".',
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
Added more tests.
2019-06-30 20:33:17 +02:00
{
"document": {
"Version": "2012-10-17",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Statement": {
"Effect": "Allow",
"Action": "s:3:ListBucket",
"Resource": "sdfsadf",
},
Added more tests.
2019-06-30 20:33:17 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"error_message": 'Resource sdfsadf must be in ARN format or "*".',
Added more tests.
2019-06-30 20:33:17 +02:00
},
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
{
"document": {
"Version": "2012-10-17",
"Statement": {
"Effect": "Allow",
"Action": "s3:ListBucket",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Resource": ["adf"],
},
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"error_message": 'Resource adf must be in ARN format or "*".',
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
},
Implemented validating action prefixes.
2019-06-30 18:48:27 +02:00
{
"document": {
"Version": "2012-10-17",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Statement": {"Effect": "Allow", "Action": "s3:ListBucket", "Resource": ""},
Implemented validating action prefixes.
2019-06-30 18:48:27 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"error_message": 'Resource must be in ARN format or "*".',
Implemented validating action prefixes.
2019-06-30 18:48:27 +02:00
},
Added more tests.
2019-06-30 20:33:17 +02:00
{
"document": {
"Version": "2012-10-17",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Statement": {
"Effect": "Allow",
"NotAction": "s3s:ListBucket",
"Resource": "a:bsdfdsafsad",
},
Added more tests.
2019-06-30 20:33:17 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"error_message": 'Partition "bsdfdsafsad" is not valid for resource "arn:bsdfdsafsad:*:*:*:*".',
Added more tests.
2019-06-30 20:33:17 +02:00
},
{
"document": {
"Version": "2012-10-17",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Statement": {
"Effect": "Allow",
"NotAction": "s3s:ListBucket",
"Resource": "a:b:cadfsdf",
},
Added more tests.
2019-06-30 20:33:17 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"error_message": 'Partition "b" is not valid for resource "arn:b:cadfsdf:*:*:*".',
Added more tests.
2019-06-30 20:33:17 +02:00
},
{
"document": {
"Version": "2012-10-17",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Statement": {
"Effect": "Allow",
"NotAction": "s3s:ListBucket",
"Resource": "a:b:c:d:e:f:g:h",
},
Added more tests.
2019-06-30 20:33:17 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"error_message": 'Partition "b" is not valid for resource "arn:b:c:d:e:f:g:h".',
Added more tests.
2019-06-30 20:33:17 +02:00
},
Added more tests.
2019-07-01 17:30:59 +02:00
{
"document": {
"Version": "2012-10-17",
"Statement": {
"Effect": "Allow",
"Action": "s3:ListBucket",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Resource": "aws:s3:::example_bucket",
},
Added more tests.
2019-07-01 17:30:59 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"error_message": 'Partition "s3" is not valid for resource "arn:s3:::example_bucket:*".',
Added more tests.
2019-07-01 17:30:59 +02:00
},
{
"document": {
"Version": "2012-10-17",
"Statement": {
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": [
"arn:error:s3:::example_bucket",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"arn:error:s3::example_bucket",
],
},
Added more tests.
2019-07-01 17:30:59 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"error_message": 'Partition "error" is not valid for resource "arn:error:s3:::example_bucket".',
Added more tests.
2019-07-01 17:30:59 +02:00
},
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
{
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"document": {"Version": "2012-10-17", "Statement": []},
"error_message": "Syntax errors in policy.",
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
},
{
"document": {
"Version": "2012-10-17",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Statement": {"Effect": "Allow", "Action": "s3:ListBucket"},
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"error_message": "Policy statement must contain resources.",
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
},
{
"document": {
"Version": "2012-10-17",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Statement": {"Effect": "Allow", "Action": "s3:ListBucket", "Resource": []},
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"error_message": "Policy statement must contain resources.",
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
},
Implemented validating action prefixes.
2019-06-30 18:48:27 +02:00
{
"document": {
"Version": "2012-10-17",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Statement": {"Effect": "Allow", "Action": "invalid"},
Implemented validating action prefixes.
2019-06-30 18:48:27 +02:00
},
Implement IAM back end part of update_assume_role_policy to validate policies (#5340)
2022-07-29 23:25:56 -04:00
"error_message": "Actions/Conditions must be prefaced by a vendor, e.g., iam, sdb, ec2, etc.",
Implemented validating action prefixes.
2019-06-30 18:48:27 +02:00
},
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
{
"document": {
"Version": "2012-10-17",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Statement": {"Effect": "Allow", "Resource": "arn:aws:s3:::example_bucket"},
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"error_message": "Policy statement must contain actions.",
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
},
{
"document": {
"Version": "2012-10-17",
"Statement": {
"Action": "s3:ListBucket",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Resource": "arn:aws:s3:::example_bucket",
},
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"error_message": "Syntax errors in policy.",
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
},
{
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"document": {"Version": "2012-10-17", "Statement": {"Effect": "Allow"}},
"error_message": "Policy statement must contain actions.",
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
},
Implemented validating action prefixes.
2019-06-30 18:48:27 +02:00
{
"document": {
"Version": "2012-10-17",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Statement": {
"Effect": "Allow",
"Action": [],
"Resource": "arn:aws:s3:::example_bucket",
},
Implemented validating action prefixes.
2019-06-30 18:48:27 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"error_message": "Policy statement must contain actions.",
Implemented validating action prefixes.
2019-06-30 18:48:27 +02:00
},
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
{
"document": {
"Version": "2012-10-17",
"Statement": [
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
{"Effect": "Deny"},
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
{
Created tests for policy documents.
2019-06-30 13:47:17 +02:00
"Effect": "Allow",
"Action": "s3:ListBucket",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Resource": "arn:aws:s3:::example_bucket",
},
],
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"error_message": "Policy statement must contain actions.",
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
},
{
"document": {
"Version": "2012-10-17",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Statement": {
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws:iam:::example_bucket",
},
Created tests for policy documents.
2019-06-30 13:47:17 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"error_message": 'IAM resource path must either be "*" or start with user/, federated-user/, role/, group/, instance-profile/, mfa/, server-certificate/, policy/, sms-mfa/, saml-provider/, oidc-provider/, report/, access-report/.',
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
},
{
"document": {
"Version": "2012-10-17",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Statement": {
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3::example_bucket",
},
Added more tests.
2019-06-30 16:36:49 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"error_message": "The policy failed legacy parsing",
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
},
Added more tests.
2019-07-01 17:30:59 +02:00
{
"document": {
"Version": "2012-10-17",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Statement": {"Effect": "Allow", "Resource": "arn:aws:s3::example_bucket"},
Added more tests.
2019-07-01 17:30:59 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"error_message": "The policy failed legacy parsing",
Added more tests.
2019-07-01 17:30:59 +02:00
},
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
{
"document": {
"Version": "2012-10-17",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Statement": {
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws",
},
Created tests for policy documents.
2019-06-30 13:47:17 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"error_message": "Resource vendor must be fully qualified and cannot contain regexes.",
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
},
{
"document": {
"Version": "2012-10-17",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Statement": {
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": {"a": "arn:aws:s3:::example_bucket"},
},
Created tests for policy documents.
2019-06-30 13:47:17 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"error_message": "Syntax errors in policy.",
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
},
{
"document": {
"Version": "2012-10-17",
"Statement": {
"Effect": "Deny",
"Action": "s3:ListBucket",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Resource": ["adfdf", {}],
},
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"error_message": "Syntax errors in policy.",
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
},
Added more tests.
2019-06-30 20:33:17 +02:00
{
"document": {
"Version": "2012-10-17",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Statement": {
"Effect": "Allow",
"NotAction": "s3:ListBucket",
"Resource": "arn:aws:s3:::example_bucket",
"NotResource": [],
},
Added more tests.
2019-06-30 20:33:17 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"error_message": "Syntax errors in policy.",
Added more tests.
2019-06-30 20:33:17 +02:00
},
Implemented validating action prefixes.
2019-06-30 18:48:27 +02:00
{
"document": {
"Version": "2012-10-17",
"Statement": {
"Effect": "Deny",
"Action": [[]],
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Resource": "arn:aws:s3:::example_bucket",
},
Implemented validating action prefixes.
2019-06-30 18:48:27 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"error_message": "Syntax errors in policy.",
Implemented validating action prefixes.
2019-06-30 18:48:27 +02:00
},
Added more tests.
2019-06-30 20:33:17 +02:00
{
"document": {
"Version": "2012-10-17",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Statement": {
"Effect": "Allow",
"NotAction": "s3s:ListBucket",
"Action": [],
"Resource": "arn:aws:s3:::example_bucket",
},
Added more tests.
2019-06-30 20:33:17 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"error_message": "Syntax errors in policy.",
Added more tests.
2019-06-30 20:33:17 +02:00
},
Implemented validating action prefixes.
2019-06-30 18:48:27 +02:00
{
"document": {
"Version": "2012-10-17",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Statement": {
"Effect": "Allow",
"Action": {},
"Resource": "arn:aws:s3:::example_bucket",
},
Implemented validating action prefixes.
2019-06-30 18:48:27 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"error_message": "Syntax errors in policy.",
Implemented validating action prefixes.
2019-06-30 18:48:27 +02:00
},
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
{
"document": {
"Version": "2012-10-17",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Statement": {
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::example_bucket",
"Condition": [],
},
Created tests for policy documents.
2019-06-30 13:47:17 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"error_message": "Syntax errors in policy.",
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
},
{
"document": {
"Version": "2012-10-17",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Statement": {
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::example_bucket",
"Condition": "a",
},
Created tests for policy documents.
2019-06-30 13:47:17 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"error_message": "Syntax errors in policy.",
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
},
{
"document": {
"Version": "2012-10-17",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Statement": {
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::example_bucket",
"Condition": {"a": "b"},
},
Created tests for policy documents.
2019-06-30 13:47:17 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"error_message": "Syntax errors in policy.",
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
},
{
"document": {
"Version": "2012-10-17",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Statement": {
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::example_bucket",
"Condition": {"DateGreaterThan": "b"},
},
Created tests for policy documents.
2019-06-30 13:47:17 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"error_message": "Syntax errors in policy.",
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
},
{
"document": {
"Version": "2012-10-17",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Statement": {
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::example_bucket",
"Condition": {"DateGreaterThan": []},
},
Created tests for policy documents.
2019-06-30 13:47:17 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"error_message": "Syntax errors in policy.",
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
},
{
"document": {
"Version": "2012-10-17",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Statement": {
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::example_bucket",
"Condition": {"DateGreaterThan": {"a": {}}},
},
Created tests for policy documents.
2019-06-30 13:47:17 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"error_message": "Syntax errors in policy.",
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
},
{
"document": {
"Version": "2012-10-17",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Statement": {
"Effect": "Allow",
"Resource": "arn:aws:s3:::example_bucket",
"Condition": {"DateGreaterThan": {"a": {}}},
},
Created tests for policy documents.
2019-06-30 13:47:17 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"error_message": "Syntax errors in policy.",
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
},
Added more tests.
2019-07-01 17:30:59 +02:00
{
"document": {
"Version": "2012-10-17",
"Statement": {
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::example_bucket",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Condition": {"x": {"a": "1"}},
},
Added more tests.
2019-07-01 17:30:59 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"error_message": "Syntax errors in policy.",
Added more tests.
2019-07-01 17:30:59 +02:00
},
{
"document": {
"Version": "2012-10-17",
"Statement": {
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::example_bucket",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Condition": {"ForAnyValue::StringEqualsIfExists": {"a": "asf"}},
},
Added more tests.
2019-07-01 17:30:59 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"error_message": "Syntax errors in policy.",
Added more tests.
2019-07-01 17:30:59 +02:00
},
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
{
"document": {
"Version": "2012-10-17",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Statement": {
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::example_bucket",
"Condition": [
{"ForAllValues:StringEquals": {"aws:TagKeys": "Department"}}
],
},
Added more tests.
2019-06-30 16:36:49 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"error_message": "Syntax errors in policy.",
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
},
{
"document": {
"Version": "2012-10-17",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Statement": {
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws:iam:us-east-1::example_bucket",
},
Created tests for policy documents.
2019-06-30 13:47:17 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"error_message": "IAM resource arn:aws:iam:us-east-1::example_bucket cannot contain region information.",
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
},
{
"document": {
"Version": "2012-10-17",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Statement": {
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:us-east-1::example_bucket",
},
Created tests for policy documents.
2019-06-30 13:47:17 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"error_message": "Resource arn:aws:s3:us-east-1::example_bucket can not contain region information.",
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
},
{
"document": {
"Version": "2012-10-17",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Statement": {
"Sid": {},
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::example_bucket",
},
Created tests for policy documents.
2019-06-30 13:47:17 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"error_message": "Syntax errors in policy.",
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
},
{
"document": {
"Version": "2012-10-17",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Statement": {
"Sid": [],
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::example_bucket",
},
Added test cases for mutually exclusive elements.
2019-06-30 14:03:18 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"error_message": "Syntax errors in policy.",
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
},
{
"document": {
"Version": "2012-10-17",
"Statement": [
{
"Sid": "sdf",
Added test cases for mutually exclusive elements.
2019-06-30 14:03:18 +02:00
"Effect": "Allow",
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
"Action": "s3:ListBucket",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Resource": "arn:aws:s3:::example_bucket",
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
{"Sid": "sdf", "Effect": "Allow"},
],
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"error_message": "Statement IDs (SID) in a single policy must be unique.",
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
},
Added more tests.
2019-06-30 20:33:17 +02:00
{
"document": {
"Statement": [
{
"Sid": "sdf",
"Effect": "Allow",
"Action": "s3:ListBucket",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Resource": "arn:aws:s3:::example_bucket",
Added more tests.
2019-06-30 20:33:17 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
{"Sid": "sdf", "Effect": "Allow"},
Added more tests.
2019-06-30 20:33:17 +02:00
]
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"error_message": "Policy document must be version 2012-10-17 or greater.",
Added more tests.
2019-06-30 20:33:17 +02:00
},
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
{
"document": {
"Version": "2012-10-17",
"Statement": {
"Effect": "Allow",
"NotAction": "s3:ListBucket",
"Action": "iam:dsf",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Resource": "arn:aws:s3:::example_bucket",
},
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"error_message": "Syntax errors in policy.",
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
},
{
"document": {
"Version": "2012-10-17",
"Statement": {
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::example_bucket",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"NotResource": "*",
},
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"error_message": "Syntax errors in policy.",
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
},
{
"document": {
"Version": "2012-10-17",
"Statement": {
"Effect": "denY",
"Action": "s3:ListBucket",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Resource": "arn:aws:s3:::example_bucket",
},
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"error_message": "The policy failed legacy parsing",
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
},
{
"document": {
"Version": "2012-10-17",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Statement": {
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::example_bucket",
"Condition": {"DateGreaterThan": {"a": "sdfdsf"}},
},
Added more tests.
2019-06-30 16:36:49 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"error_message": "The policy failed legacy parsing",
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
},
{
"document": {
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Statement": {
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::example_bucket",
"Condition": {"DateGreaterThan": {"a": "sdfdsf"}},
}
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"error_message": "Policy document must be version 2012-10-17 or greater.",
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
},
Added more tests.
2019-07-01 17:30:59 +02:00
{
"document": {
"Statement": {
"Effect": "denY",
"Action": "s3:ListBucket",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Resource": "arn:aws:s3:::example_bucket",
Added more tests.
2019-07-01 17:30:59 +02:00
}
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"error_message": "Policy document must be version 2012-10-17 or greater.",
Added more tests.
2019-07-01 17:30:59 +02:00
},
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
{
"document": {
"Version": "2012-10-17",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Statement": {
"Effect": "Allow",
"Condition": {"DateGreaterThan": {"a": "sdfdsf"}},
},
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"error_message": "The policy failed legacy parsing",
Added more tests.
2019-06-30 20:33:17 +02:00
},
{
"document": {
"Version": "2012-10-17",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Statement": {
"Effect": "Allow",
"NotAction": "s3:ListBucket",
"Resource": "arn:aws::::example_bucket",
},
Added more tests.
2019-06-30 20:33:17 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"error_message": "The policy failed legacy parsing",
Added more tests.
2019-06-30 20:33:17 +02:00
},
{
"document": {
"Version": "2012-10-17",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Statement": {
"Effect": "allow",
"Resource": "arn:aws:s3:us-east-1::example_bucket",
},
Added more tests.
2019-06-30 20:33:17 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"error_message": "The policy failed legacy parsing",
Added more tests.
2019-07-01 17:30:59 +02:00
},
{
"document": {
"Version": "2012-10-17",
"Statement": [
{
"Sid": "sdf",
"Effect": "aLLow",
"Action": "s3:ListBucket",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Resource": "arn:aws:s3:::example_bucket",
Added more tests.
2019-07-01 17:30:59 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
{"Sid": "sdf", "Effect": "Allow"},
],
Added more tests.
2019-07-01 17:30:59 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"error_message": "The policy failed legacy parsing",
Added more tests.
2019-07-01 17:30:59 +02:00
},
{
"document": {
"Version": "2012-10-17",
"Statement": {
"Effect": "Allow",
"Action": "s3:ListBucket",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"NotResource": "arn:aws:s3::example_bucket",
},
Added more tests.
2019-07-01 17:30:59 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"error_message": "The policy failed legacy parsing",
Added more tests.
2019-07-01 17:30:59 +02:00
},
{
"document": {
"Version": "2012-10-17",
"Statement": {
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::example_bucket",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Condition": {"DateLessThanEquals": {"a": "234-13"}},
},
Added more tests.
2019-07-01 17:30:59 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"error_message": "The policy failed legacy parsing",
Added more tests.
2019-07-01 17:30:59 +02:00
},
{
"document": {
"Version": "2012-10-17",
"Statement": {
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::example_bucket",
"Condition": {
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"DateLessThanEquals": {"a": "2016-12-13t2:00:00.593194+1"}
},
},
Added more tests.
2019-07-01 17:30:59 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"error_message": "The policy failed legacy parsing",
Added more tests.
2019-07-01 17:30:59 +02:00
},
{
"document": {
"Version": "2012-10-17",
"Statement": {
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::example_bucket",
"Condition": {
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"DateLessThanEquals": {"a": "2016-12-13t2:00:00.1999999999+10:59"}
},
},
Added more tests.
2019-07-01 17:30:59 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"error_message": "The policy failed legacy parsing",
Added more tests.
2019-07-01 17:30:59 +02:00
},
{
"document": {
"Version": "2012-10-17",
"Statement": {
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::example_bucket",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Condition": {"DateLessThan": {"a": "9223372036854775808"}},
},
Added more tests.
2019-07-01 17:30:59 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"error_message": "The policy failed legacy parsing",
Added more tests.
2019-07-01 17:30:59 +02:00
},
{
"document": {
"Version": "2012-10-17",
"Statement": {
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:error:s3:::example_bucket",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Condition": {"DateGreaterThan": {"a": "sdfdsf"}},
},
Added more tests.
2019-07-01 17:30:59 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"error_message": "The policy failed legacy parsing",
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
{
"document": {
"Version": "2012-10-17",
"Statement": {
"Effect": "Allow",
"Action": "s3:ListBucket",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Resource": "arn:aws::fdsasf",
},
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"error_message": "The policy failed legacy parsing",
},
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
]
valid_policy_documents = [
{
"Version": "2012-10-17",
"Statement": {
"Effect": "Allow",
"Action": "s3:ListBucket",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Resource": ["arn:aws:s3:::example_bucket"],
},
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
{
"Version": "2012-10-17",
"Statement": {
"Effect": "Allow",
"Action": "iam: asdf safdsf af ",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Resource": "arn:aws:s3:::example_bucket",
},
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
{
"Version": "2012-10-17",
"Statement": {
"Effect": "Allow",
"Action": "s3:ListBucket",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Resource": ["arn:aws:s3:::example_bucket", "*"],
},
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
{
"Version": "2012-10-17",
"Statement": {
"Effect": "Allow",
"Action": "*",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Resource": "arn:aws:s3:::example_bucket",
},
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:ListBucket",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Resource": "arn:aws:s3:::example_bucket",
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
}
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
],
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
{
"Version": "2012-10-17",
"Statement": {
"Effect": "Allow",
"Action": "service-prefix:action-name",
"Resource": "*",
"Condition": {
"DateGreaterThan": {"aws:CurrentTime": "2017-07-01T00:00:00Z"},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"DateLessThan": {"aws:CurrentTime": "2017-12-31T23:59:59Z"},
},
},
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
{
"Version": "2012-10-17",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Statement": {
"Effect": "Allow",
"Action": "fsx:ListBucket",
"Resource": "arn:aws:s3:::example_bucket",
},
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
{
"Version": "2012-10-17",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Statement": {
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws:iam:::user/example_bucket",
},
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
{
"Version": "2012-10-17",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Statement": {
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws:s33:::example_bucket",
},
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
{
"Version": "2012-10-17",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Statement": {
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws:fdsasf",
},
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
{
"Version": "2012-10-17",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Statement": {
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::example_bucket",
"Condition": {},
},
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
{
"Version": "2012-10-17",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Statement": {
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::example_bucket",
"Condition": {"ForAllValues:StringEquals": {"aws:TagKeys": "Department"}},
},
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
{
"Version": "2012-10-17",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Statement": {
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws:cloudwatch:us-east-1::example_bucket",
},
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
{
"Version": "2012-10-17",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Statement": {
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws:ec2:us-east-1::example_bucket",
},
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
{
"Version": "2012-10-17",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Statement": {
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws:invalid-service:::example_bucket",
},
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
{
"Version": "2012-10-17",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Statement": {
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws:invalid-service:us-east-1::example_bucket",
},
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
{
"Version": "2012-10-17",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Statement": {
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::example_bucket",
"Condition": {
"DateGreaterThan": {"aws:CurrentTime": "2017-07-01T00:00:00Z"},
"DateLessThan": {"aws:CurrentTime": "2017-12-31T23:59:59Z"},
},
},
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
{
"Version": "2012-10-17",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Statement": {
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::example_bucket",
"Condition": {"DateGreaterThan": {}},
},
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
{
"Version": "2012-10-17",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Statement": {
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::example_bucket",
"Condition": {"DateGreaterThan": {"a": []}},
},
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
{
"Version": "2012-10-17",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Statement": {
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::example_bucket",
"Condition": {"a": {}},
},
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
{
"Version": "2012-10-17",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Statement": {
"Sid": "dsfsdfsdfsdfsdfsadfsd",
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::example_bucket",
},
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "ConsoleDisplay",
"Effect": "Allow",
"Action": [
"iam:GetRole",
"iam:GetUser",
"iam:ListRoles",
"iam:ListRoleTags",
"iam:ListUsers",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"iam:ListUserTags",
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
],
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Resource": "*",
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
{
"Sid": "AddTag",
"Effect": "Allow",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Action": ["iam:TagUser", "iam:TagRole"],
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
"Resource": "*",
"Condition": {
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"StringEquals": {"aws:RequestTag/CostCenter": ["A-123", "B-456"]},
"ForAllValues:StringEquals": {"aws:TagKeys": "CostCenter"},
},
},
],
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
{
"Version": "2012-10-17",
"Statement": {
"Effect": "Allow",
"NotAction": "s3:ListBucket",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Resource": "arn:aws:s3:::example_bucket",
},
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
{
"Version": "2012-10-17",
"Statement": {
"Effect": "Deny",
"Action": "s3:*",
"NotResource": [
"arn:aws:s3:::HRBucket/Payroll",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"arn:aws:s3:::HRBucket/Payroll/*",
],
},
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
{
"Version": "2012-10-17",
"Id": "sdfsdfsdf",
"Statement": {
"Effect": "Allow",
"NotAction": "s3:ListBucket",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Resource": "arn:aws:s3:::example_bucket",
},
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
{
"Version": "2012-10-17",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Statement": {
"Effect": "Allow",
"Action": "aaaaaadsfdsafsadfsadfaaaaa:ListBucket",
"Resource": "arn:aws:s3:::example_bucket",
},
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
{
"Version": "2012-10-17",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Statement": {
"Effect": "Allow",
"Action": "s3-s:ListBucket",
"Resource": "arn:aws:s3:::example_bucket",
},
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
{
"Version": "2012-10-17",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Statement": {
"Effect": "Allow",
"Action": "s3.s:ListBucket",
"Resource": "arn:aws:s3:::example_bucket",
},
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
{
"Version": "2012-10-17",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Statement": {
"Effect": "Allow",
"NotAction": "s3:ListBucket",
"NotResource": "*",
},
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "sdf",
"Effect": "Allow",
"Action": "s3:ListBucket",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Resource": "arn:aws:s3:::example_bucket",
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
{
"Effect": "Allow",
"Action": "s3:ListBucket",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Resource": "arn:aws:s3:::example_bucket",
},
],
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
{
"Version": "2012-10-17",
"Statement": {
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::example_bucket",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Condition": {"DateGreaterThan": {"a": "01T"}},
},
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
{
"Version": "2012-10-17",
"Statement": {
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::example_bucket",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Condition": {"x": {}, "y": {}},
},
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
{
"Version": "2012-10-17",
"Statement": {
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::example_bucket",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Condition": {"StringEqualsIfExists": {"a": "asf"}},
},
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
{
"Version": "2012-10-17",
"Statement": {
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::example_bucket",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Condition": {"ForAnyValue:StringEqualsIfExists": {"a": "asf"}},
},
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
{
"Version": "2012-10-17",
"Statement": {
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::example_bucket",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Condition": {"DateLessThanEquals": {"a": "2019-07-01T13:20:15Z"}},
},
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
{
"Version": "2012-10-17",
"Statement": {
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::example_bucket",
"Condition": {
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"DateLessThanEquals": {"a": "2016-12-13T21:20:37.593194+00:00"}
},
},
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
{
"Version": "2012-10-17",
"Statement": {
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::example_bucket",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Condition": {"DateLessThanEquals": {"a": "2016-12-13t2:00:00.593194+23"}},
},
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
{
"Version": "2012-10-17",
"Statement": {
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::example_bucket",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Condition": {"DateLessThan": {"a": "-292275054"}},
},
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowViewAccountInfo",
"Effect": "Allow",
"Action": [
"iam:GetAccountPasswordPolicy",
"iam:GetAccountSummary",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"iam:ListVirtualMFADevices",
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
],
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Resource": "*",
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
{
"Sid": "AllowManageOwnPasswords",
"Effect": "Allow",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Action": ["iam:ChangePassword", "iam:GetUser"],
"Resource": "arn:aws:iam::*:user/${aws:username}",
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
{
"Sid": "AllowManageOwnAccessKeys",
"Effect": "Allow",
"Action": [
"iam:CreateAccessKey",
"iam:DeleteAccessKey",
"iam:ListAccessKeys",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"iam:UpdateAccessKey",
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
],
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Resource": "arn:aws:iam::*:user/${aws:username}",
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
{
"Sid": "AllowManageOwnSigningCertificates",
"Effect": "Allow",
"Action": [
"iam:DeleteSigningCertificate",
"iam:ListSigningCertificates",
"iam:UpdateSigningCertificate",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"iam:UploadSigningCertificate",
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
],
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Resource": "arn:aws:iam::*:user/${aws:username}",
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
{
"Sid": "AllowManageOwnSSHPublicKeys",
"Effect": "Allow",
"Action": [
"iam:DeleteSSHPublicKey",
"iam:GetSSHPublicKey",
"iam:ListSSHPublicKeys",
"iam:UpdateSSHPublicKey",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"iam:UploadSSHPublicKey",
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
],
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Resource": "arn:aws:iam::*:user/${aws:username}",
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
{
"Sid": "AllowManageOwnGitCredentials",
"Effect": "Allow",
"Action": [
"iam:CreateServiceSpecificCredential",
"iam:DeleteServiceSpecificCredential",
"iam:ListServiceSpecificCredentials",
"iam:ResetServiceSpecificCredential",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"iam:UpdateServiceSpecificCredential",
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
],
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Resource": "arn:aws:iam::*:user/${aws:username}",
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
{
"Sid": "AllowManageOwnVirtualMFADevice",
"Effect": "Allow",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Action": ["iam:CreateVirtualMFADevice", "iam:DeleteVirtualMFADevice"],
"Resource": "arn:aws:iam::*:mfa/${aws:username}",
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
{
"Sid": "AllowManageOwnUserMFA",
"Effect": "Allow",
"Action": [
"iam:DeactivateMFADevice",
"iam:EnableMFADevice",
"iam:ListMFADevices",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"iam:ResyncMFADevice",
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
],
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Resource": "arn:aws:iam::*:user/${aws:username}",
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
{
"Sid": "DenyAllExceptListedIfNoMFA",
"Effect": "Deny",
"NotAction": [
"iam:CreateVirtualMFADevice",
"iam:EnableMFADevice",
"iam:GetUser",
"iam:ListMFADevices",
"iam:ListVirtualMFADevices",
"iam:ResyncMFADevice",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"sts:GetSessionToken",
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
],
"Resource": "*",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}},
},
],
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "ListAndDescribe",
"Effect": "Allow",
"Action": [
"dynamodb:List*",
"dynamodb:DescribeReservedCapacity*",
"dynamodb:DescribeLimits",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"dynamodb:DescribeTimeToLive",
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
],
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Resource": "*",
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
{
"Sid": "SpecificTable",
"Effect": "Allow",
"Action": [
"dynamodb:BatchGet*",
"dynamodb:DescribeStream",
"dynamodb:DescribeTable",
"dynamodb:Get*",
"dynamodb:Query",
"dynamodb:Scan",
"dynamodb:BatchWrite*",
"dynamodb:CreateTable",
"dynamodb:Delete*",
"dynamodb:Update*",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"dynamodb:PutItem",
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
],
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Resource": "arn:aws:dynamodb:*:*:table/MyTable",
},
],
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Action": ["ec2:AttachVolume", "ec2:DetachVolume"],
"Resource": ["arn:aws:ec2:*:*:volume/*", "arn:aws:ec2:*:*:instance/*"],
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
"Condition": {
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"ArnEquals": {
"ec2:SourceInstanceARN": "arn:aws:ec2:*:*:instance/instance-id"
}
},
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
}
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
],
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Action": ["ec2:AttachVolume", "ec2:DetachVolume"],
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
"Resource": "arn:aws:ec2:*:*:instance/*",
"Condition": {
"StringEquals": {"ec2:ResourceTag/Department": "Development"}
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
},
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
{
"Effect": "Allow",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Action": ["ec2:AttachVolume", "ec2:DetachVolume"],
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
"Resource": "arn:aws:ec2:*:*:volume/*",
"Condition": {
"StringEquals": {"ec2:ResourceTag/VolumeUser": "${aws:username}"}
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
},
},
],
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "StartStopIfTags",
"Effect": "Allow",
"Action": [
"ec2:StartInstances",
"ec2:StopInstances",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"ec2:DescribeTags",
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
],
"Resource": "arn:aws:ec2:region:account-id:instance/*",
"Condition": {
"StringEquals": {
"ec2:ResourceTag/Project": "DataAnalytics",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"aws:PrincipalTag/Department": "Data",
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
}
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
},
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
}
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
],
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "ListYourObjects",
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": ["arn:aws:s3:::bucket-name"],
"Condition": {
"StringLike": {
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"s3:prefix": [
"cognito/application-name/${cognito-identity.amazonaws.com:sub}"
]
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
}
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
},
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
{
"Sid": "ReadWriteDeleteYourObjects",
"Effect": "Allow",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
"Resource": [
"arn:aws:s3:::bucket-name/cognito/application-name/${cognito-identity.amazonaws.com:sub}",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"arn:aws:s3:::bucket-name/cognito/application-name/${cognito-identity.amazonaws.com:sub}/*",
],
},
],
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Action": ["s3:ListAllMyBuckets", "s3:GetBucketLocation"],
"Resource": "*",
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
{
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::bucket-name",
"Condition": {
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"StringLike": {"s3:prefix": ["", "home/", "home/${aws:userid}/*"]}
},
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
{
"Effect": "Allow",
"Action": "s3:*",
"Resource": [
"arn:aws:s3:::bucket-name/home/${aws:userid}",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"arn:aws:s3:::bucket-name/home/${aws:userid}/*",
],
},
],
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "ConsoleAccess",
"Effect": "Allow",
"Action": [
"s3:GetAccountPublicAccessBlock",
"s3:GetBucketAcl",
"s3:GetBucketLocation",
"s3:GetBucketPolicyStatus",
"s3:GetBucketPublicAccessBlock",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"s3:ListAllMyBuckets",
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
],
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Resource": "*",
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
{
"Sid": "ListObjectsInBucket",
"Effect": "Allow",
"Action": "s3:ListBucket",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Resource": ["arn:aws:s3:::bucket-name"],
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
{
"Sid": "AllObjectActions",
"Effect": "Allow",
"Action": "s3:*Object",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Resource": ["arn:aws:s3:::bucket-name/*"],
},
],
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowViewAccountInfo",
"Effect": "Allow",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Action": ["iam:GetAccountPasswordPolicy", "iam:GetAccountSummary"],
"Resource": "*",
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
{
"Sid": "AllowManageOwnPasswords",
"Effect": "Allow",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Action": ["iam:ChangePassword", "iam:GetUser"],
"Resource": "arn:aws:iam::*:user/${aws:username}",
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
{
"Sid": "AllowManageOwnAccessKeys",
"Effect": "Allow",
"Action": [
"iam:CreateAccessKey",
"iam:DeleteAccessKey",
"iam:ListAccessKeys",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"iam:UpdateAccessKey",
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
],
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Resource": "arn:aws:iam::*:user/${aws:username}",
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
{
"Sid": "AllowManageOwnSigningCertificates",
"Effect": "Allow",
"Action": [
"iam:DeleteSigningCertificate",
"iam:ListSigningCertificates",
"iam:UpdateSigningCertificate",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"iam:UploadSigningCertificate",
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
],
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Resource": "arn:aws:iam::*:user/${aws:username}",
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
{
"Sid": "AllowManageOwnSSHPublicKeys",
"Effect": "Allow",
"Action": [
"iam:DeleteSSHPublicKey",
"iam:GetSSHPublicKey",
"iam:ListSSHPublicKeys",
"iam:UpdateSSHPublicKey",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"iam:UploadSSHPublicKey",
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
],
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Resource": "arn:aws:iam::*:user/${aws:username}",
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
{
"Sid": "AllowManageOwnGitCredentials",
"Effect": "Allow",
"Action": [
"iam:CreateServiceSpecificCredential",
"iam:DeleteServiceSpecificCredential",
"iam:ListServiceSpecificCredentials",
"iam:ResetServiceSpecificCredential",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"iam:UpdateServiceSpecificCredential",
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
],
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Resource": "arn:aws:iam::*:user/${aws:username}",
},
],
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "ec2:*",
"Resource": "*",
"Effect": "Allow",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Condition": {"StringEquals": {"ec2:Region": "region"}},
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
}
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
],
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "rds:*",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Resource": ["arn:aws:rds:region:*:*"],
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
},
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
{"Effect": "Allow", "Action": ["rds:Describe*"], "Resource": ["*"]},
],
Fix multiple IAM Policy Statement creation with empty sid
2019-09-10 23:43:50 -03:00
},
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Action": "rds:*",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Resource": ["arn:aws:rds:region:*:*"],
Fix multiple IAM Policy Statement creation with empty sid
2019-09-10 23:43:50 -03:00
},
{
"Sid": "",
"Effect": "Allow",
"Action": ["rds:Describe*"],
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"Resource": ["*"],
},
],
},
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
]
Created tests for policy documents.
2019-06-30 13:47:17 +02:00
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
Fix: yield tests ignored by pytest runner (#3500) Closes #3499
2020-11-25 02:48:05 -08:00
@pytest.mark.parametrize("invalid_policy_document", invalid_policy_document_test_cases)
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
@mock_iam
Fix: yield tests ignored by pytest runner (#3500) Closes #3499
2020-11-25 02:48:05 -08:00
def test_create_policy_with_invalid_policy_document(invalid_policy_document):
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
conn = boto3.client("iam", region_name="us-east-1")
Port test suite from nose to pytest. This just eliminates all errors on the tests collection. Elimination of failures is left to the next commit.
2020-10-06 07:54:49 +02:00
with pytest.raises(ClientError) as ex:
Reorganized tests using a generator method and fixed error messages.
2019-06-30 17:04:02 +02:00
conn.create_policy(
PolicyName="TestCreatePolicy",
Fix: yield tests ignored by pytest runner (#3500) Closes #3499
2020-11-25 02:48:05 -08:00
PolicyDocument=json.dumps(invalid_policy_document["document"]),
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
)
Finish porting from nose to pytest.
2020-10-06 08:04:09 +02:00
ex.value.response["Error"]["Code"].should.equal("MalformedPolicyDocument")
ex.value.response["ResponseMetadata"]["HTTPStatusCode"].should.equal(400)
Fix: yield tests ignored by pytest runner (#3500) Closes #3499
2020-11-25 02:48:05 -08:00
ex.value.response["Error"]["Message"].should.equal(
invalid_policy_document["error_message"]
)
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
Fix: yield tests ignored by pytest runner (#3500) Closes #3499
2020-11-25 02:48:05 -08:00
@pytest.mark.parametrize("valid_policy_document", valid_policy_documents)
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
@mock_iam
Fix: yield tests ignored by pytest runner (#3500) Closes #3499
2020-11-25 02:48:05 -08:00
def test_create_policy_with_valid_policy_document(valid_policy_document):
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
conn = boto3.client("iam", region_name="us-east-1")
Added tests for valid policy documents.
2019-07-01 18:21:54 +02:00
conn.create_policy(
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
PolicyName="TestCreatePolicy", PolicyDocument=json.dumps(valid_policy_document)
)
Reference in New Issue Copy Permalink