2023-11-30 15:55:51 +00:00
|
|
|
from uuid import uuid4
|
2020-11-20 22:00:53 +00:00
|
|
|
|
|
|
|
import boto3
|
2023-11-30 15:55:51 +00:00
|
|
|
import pytest
|
2020-11-20 22:00:53 +00:00
|
|
|
from botocore.exceptions import ClientError
|
|
|
|
|
2021-10-18 19:44:29 +00:00
|
|
|
from moto import mock_ec2, mock_iam
|
2021-01-13 09:02:11 +00:00
|
|
|
from tests import EXAMPLE_AMI_ID
|
2020-11-20 22:00:53 +00:00
|
|
|
|
|
|
|
|
|
|
|
def quick_instance_creation():
|
|
|
|
conn_ec2 = boto3.resource("ec2", "us-east-1")
|
2021-01-13 09:02:11 +00:00
|
|
|
test_instance = conn_ec2.create_instances(
|
|
|
|
ImageId=EXAMPLE_AMI_ID, MinCount=1, MaxCount=1
|
|
|
|
)
|
2020-11-20 22:00:53 +00:00
|
|
|
# We only need instance id for this tests
|
|
|
|
return test_instance[0].id
|
|
|
|
|
|
|
|
|
|
|
|
def quick_instance_profile_creation(name):
|
|
|
|
conn_iam = boto3.resource("iam", "us-east-1")
|
|
|
|
test_instance_profile = conn_iam.create_instance_profile(
|
|
|
|
InstanceProfileName=name, Path="/"
|
|
|
|
)
|
|
|
|
return test_instance_profile.arn, test_instance_profile.name
|
|
|
|
|
|
|
|
|
|
|
|
@mock_ec2
|
|
|
|
@mock_iam
|
|
|
|
def test_associate():
|
|
|
|
client = boto3.client("ec2", region_name="us-east-1")
|
|
|
|
instance_id = quick_instance_creation()
|
|
|
|
instance_profile_arn, instance_profile_name = quick_instance_profile_creation(
|
2021-10-05 17:11:07 +00:00
|
|
|
str(uuid4())
|
2020-11-20 22:00:53 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
association = client.associate_iam_instance_profile(
|
|
|
|
IamInstanceProfile={
|
|
|
|
"Arn": instance_profile_arn,
|
|
|
|
"Name": instance_profile_name,
|
|
|
|
},
|
|
|
|
InstanceId=instance_id,
|
|
|
|
)
|
2023-07-17 09:31:05 +00:00
|
|
|
assert association["IamInstanceProfileAssociation"]["InstanceId"] == instance_id
|
|
|
|
assert (
|
|
|
|
association["IamInstanceProfileAssociation"]["IamInstanceProfile"]["Arn"]
|
|
|
|
== instance_profile_arn
|
|
|
|
)
|
|
|
|
assert association["IamInstanceProfileAssociation"]["State"] == "associating"
|
2020-11-20 22:00:53 +00:00
|
|
|
|
|
|
|
|
|
|
|
@mock_ec2
|
|
|
|
@mock_iam
|
|
|
|
def test_invalid_associate():
|
|
|
|
client = boto3.client("ec2", region_name="us-east-1")
|
|
|
|
instance_id = quick_instance_creation()
|
|
|
|
instance_profile_arn, instance_profile_name = quick_instance_profile_creation(
|
2021-10-05 17:11:07 +00:00
|
|
|
str(uuid4())
|
2020-11-20 22:00:53 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
client.associate_iam_instance_profile(
|
|
|
|
IamInstanceProfile={
|
|
|
|
"Arn": instance_profile_arn,
|
|
|
|
"Name": instance_profile_name,
|
|
|
|
},
|
|
|
|
InstanceId=instance_id,
|
|
|
|
)
|
|
|
|
|
|
|
|
# Duplicate
|
|
|
|
with pytest.raises(ClientError) as ex:
|
|
|
|
client.associate_iam_instance_profile(
|
|
|
|
IamInstanceProfile={
|
|
|
|
"Arn": instance_profile_arn,
|
|
|
|
"Name": instance_profile_name,
|
|
|
|
},
|
|
|
|
InstanceId=instance_id,
|
|
|
|
)
|
2023-07-17 09:31:05 +00:00
|
|
|
assert ex.value.response["Error"]["Code"] == "IncorrectState"
|
|
|
|
assert (
|
|
|
|
"There is an existing association for" in ex.value.response["Error"]["Message"]
|
2020-11-20 22:00:53 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
# Wrong instance profile
|
|
|
|
with pytest.raises(ClientError) as ex:
|
|
|
|
client.associate_iam_instance_profile(
|
|
|
|
IamInstanceProfile={"Arn": "fake", "Name": "fake"}, InstanceId=instance_id
|
|
|
|
)
|
2023-07-17 09:31:05 +00:00
|
|
|
assert ex.value.response["Error"]["Code"] == "NoSuchEntity"
|
|
|
|
assert "not found" in ex.value.response["Error"]["Message"]
|
2020-11-20 22:00:53 +00:00
|
|
|
|
|
|
|
# Wrong instance id
|
|
|
|
with pytest.raises(ClientError) as ex:
|
|
|
|
client.associate_iam_instance_profile(
|
|
|
|
IamInstanceProfile={
|
|
|
|
"Arn": instance_profile_arn,
|
|
|
|
"Name": instance_profile_name,
|
|
|
|
},
|
|
|
|
InstanceId="fake",
|
|
|
|
)
|
2023-07-17 09:31:05 +00:00
|
|
|
assert ex.value.response["Error"]["Code"] == "InvalidInstanceID.NotFound"
|
|
|
|
assert "does not exist" in ex.value.response["Error"]["Message"]
|
2020-11-20 22:00:53 +00:00
|
|
|
|
|
|
|
|
|
|
|
@mock_ec2
|
|
|
|
@mock_iam
|
|
|
|
def test_describe():
|
|
|
|
client = boto3.client("ec2", region_name="us-east-1")
|
|
|
|
|
2021-10-05 17:11:07 +00:00
|
|
|
instance_id1 = quick_instance_creation()
|
|
|
|
instance_profile_arn1, instance_profile_name1 = quick_instance_profile_creation(
|
|
|
|
str(uuid4())
|
2020-11-20 22:00:53 +00:00
|
|
|
)
|
|
|
|
client.associate_iam_instance_profile(
|
|
|
|
IamInstanceProfile={
|
2021-10-05 17:11:07 +00:00
|
|
|
"Arn": instance_profile_arn1,
|
|
|
|
"Name": instance_profile_name1,
|
2020-11-20 22:00:53 +00:00
|
|
|
},
|
2021-10-05 17:11:07 +00:00
|
|
|
InstanceId=instance_id1,
|
2020-11-20 22:00:53 +00:00
|
|
|
)
|
|
|
|
associations = client.describe_iam_instance_profile_associations()
|
2021-10-05 17:11:07 +00:00
|
|
|
associations = associations["IamInstanceProfileAssociations"]
|
2023-07-17 09:31:05 +00:00
|
|
|
assert instance_profile_arn1 in [
|
|
|
|
a["IamInstanceProfile"]["Arn"] for a in associations
|
|
|
|
]
|
2021-10-05 17:11:07 +00:00
|
|
|
my_assoc = [
|
|
|
|
a
|
|
|
|
for a in associations
|
|
|
|
if a["IamInstanceProfile"]["Arn"] == instance_profile_arn1
|
|
|
|
][0]
|
2023-07-17 09:31:05 +00:00
|
|
|
assert my_assoc["InstanceId"] == instance_id1
|
|
|
|
assert my_assoc["State"] == "associated"
|
2021-10-05 17:11:07 +00:00
|
|
|
|
|
|
|
instance_id2 = quick_instance_creation()
|
|
|
|
instance_profile_arn2, instance_profile_name2 = quick_instance_profile_creation(
|
|
|
|
str(uuid4())
|
2020-11-20 22:00:53 +00:00
|
|
|
)
|
|
|
|
client.associate_iam_instance_profile(
|
|
|
|
IamInstanceProfile={
|
2021-10-05 17:11:07 +00:00
|
|
|
"Arn": instance_profile_arn2,
|
|
|
|
"Name": instance_profile_name2,
|
2020-11-20 22:00:53 +00:00
|
|
|
},
|
2021-10-05 17:11:07 +00:00
|
|
|
InstanceId=instance_id2,
|
2020-11-20 22:00:53 +00:00
|
|
|
)
|
|
|
|
|
2021-10-05 17:11:07 +00:00
|
|
|
associations = client.describe_iam_instance_profile_associations()
|
|
|
|
associations = associations["IamInstanceProfileAssociations"]
|
2023-07-17 09:31:05 +00:00
|
|
|
assert instance_profile_arn1 in [
|
|
|
|
a["IamInstanceProfile"]["Arn"] for a in associations
|
|
|
|
]
|
|
|
|
assert instance_profile_arn2 in [
|
|
|
|
a["IamInstanceProfile"]["Arn"] for a in associations
|
|
|
|
]
|
2021-10-05 17:11:07 +00:00
|
|
|
my_assoc = [
|
|
|
|
a
|
|
|
|
for a in associations
|
|
|
|
if a["IamInstanceProfile"]["Arn"] == instance_profile_arn1
|
|
|
|
][0]
|
2020-11-20 22:00:53 +00:00
|
|
|
|
|
|
|
associations = client.describe_iam_instance_profile_associations(
|
2021-10-05 17:11:07 +00:00
|
|
|
AssociationIds=[my_assoc["AssociationId"]]
|
2020-11-20 22:00:53 +00:00
|
|
|
)
|
2023-07-17 09:31:05 +00:00
|
|
|
assert len(associations["IamInstanceProfileAssociations"]) == 1
|
|
|
|
assert (
|
|
|
|
associations["IamInstanceProfileAssociations"][0]["IamInstanceProfile"]["Arn"]
|
|
|
|
== my_assoc["IamInstanceProfile"]["Arn"]
|
|
|
|
)
|
2020-11-20 22:00:53 +00:00
|
|
|
|
|
|
|
associations = client.describe_iam_instance_profile_associations(
|
|
|
|
Filters=[
|
2021-10-05 17:11:07 +00:00
|
|
|
{"Name": "instance-id", "Values": [my_assoc["InstanceId"]]},
|
2020-11-20 22:00:53 +00:00
|
|
|
{"Name": "state", "Values": ["associated"]},
|
|
|
|
]
|
|
|
|
)
|
2023-07-17 09:31:05 +00:00
|
|
|
assert len(associations["IamInstanceProfileAssociations"]) == 1
|
|
|
|
assert (
|
|
|
|
associations["IamInstanceProfileAssociations"][0]["IamInstanceProfile"]["Arn"]
|
|
|
|
== my_assoc["IamInstanceProfile"]["Arn"]
|
|
|
|
)
|
2020-11-20 22:00:53 +00:00
|
|
|
|
|
|
|
|
|
|
|
@mock_ec2
|
|
|
|
@mock_iam
|
|
|
|
def test_replace():
|
|
|
|
client = boto3.client("ec2", region_name="us-east-1")
|
|
|
|
instance_id1 = quick_instance_creation()
|
|
|
|
instance_profile_arn1, instance_profile_name1 = quick_instance_profile_creation(
|
2021-10-05 17:11:07 +00:00
|
|
|
str(uuid4())
|
2020-11-20 22:00:53 +00:00
|
|
|
)
|
|
|
|
instance_profile_arn2, instance_profile_name2 = quick_instance_profile_creation(
|
2021-10-05 17:11:07 +00:00
|
|
|
str(uuid4())
|
2020-11-20 22:00:53 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
association = client.associate_iam_instance_profile(
|
|
|
|
IamInstanceProfile={
|
|
|
|
"Arn": instance_profile_arn1,
|
|
|
|
"Name": instance_profile_name1,
|
|
|
|
},
|
|
|
|
InstanceId=instance_id1,
|
|
|
|
)
|
|
|
|
|
|
|
|
association = client.replace_iam_instance_profile_association(
|
|
|
|
IamInstanceProfile={
|
|
|
|
"Arn": instance_profile_arn2,
|
|
|
|
"Name": instance_profile_name2,
|
|
|
|
},
|
|
|
|
AssociationId=association["IamInstanceProfileAssociation"]["AssociationId"],
|
|
|
|
)
|
|
|
|
|
2023-07-17 09:31:05 +00:00
|
|
|
assert (
|
|
|
|
association["IamInstanceProfileAssociation"]["IamInstanceProfile"]["Arn"]
|
|
|
|
== instance_profile_arn2
|
|
|
|
)
|
|
|
|
assert association["IamInstanceProfileAssociation"]["State"] == "associating"
|
2020-11-20 22:00:53 +00:00
|
|
|
|
|
|
|
|
|
|
|
@mock_ec2
|
|
|
|
@mock_iam
|
|
|
|
def test_invalid_replace():
|
|
|
|
client = boto3.client("ec2", region_name="us-east-1")
|
|
|
|
instance_id = quick_instance_creation()
|
|
|
|
instance_profile_arn, instance_profile_name = quick_instance_profile_creation(
|
2021-10-05 17:11:07 +00:00
|
|
|
str(uuid4())
|
2020-11-20 22:00:53 +00:00
|
|
|
)
|
|
|
|
instance_profile_arn2, instance_profile_name2 = quick_instance_profile_creation(
|
2021-10-05 17:11:07 +00:00
|
|
|
str(uuid4())
|
2020-11-20 22:00:53 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
association = client.associate_iam_instance_profile(
|
|
|
|
IamInstanceProfile={
|
|
|
|
"Arn": instance_profile_arn,
|
|
|
|
"Name": instance_profile_name,
|
|
|
|
},
|
|
|
|
InstanceId=instance_id,
|
|
|
|
)
|
|
|
|
|
|
|
|
# Wrong id
|
|
|
|
with pytest.raises(ClientError) as ex:
|
|
|
|
client.replace_iam_instance_profile_association(
|
|
|
|
IamInstanceProfile={
|
|
|
|
"Arn": instance_profile_arn2,
|
|
|
|
"Name": instance_profile_name2,
|
|
|
|
},
|
|
|
|
AssociationId="fake",
|
|
|
|
)
|
2023-07-17 09:31:05 +00:00
|
|
|
assert ex.value.response["Error"]["Code"] == "InvalidAssociationID.NotFound"
|
|
|
|
assert "An invalid association-id of" in ex.value.response["Error"]["Message"]
|
2020-11-20 22:00:53 +00:00
|
|
|
|
|
|
|
# Wrong instance profile
|
|
|
|
with pytest.raises(ClientError) as ex:
|
|
|
|
client.replace_iam_instance_profile_association(
|
|
|
|
IamInstanceProfile={"Arn": "fake", "Name": "fake"},
|
|
|
|
AssociationId=association["IamInstanceProfileAssociation"]["AssociationId"],
|
|
|
|
)
|
2023-07-17 09:31:05 +00:00
|
|
|
assert ex.value.response["Error"]["Code"] == "NoSuchEntity"
|
|
|
|
assert "not found" in ex.value.response["Error"]["Message"]
|
2020-11-20 22:00:53 +00:00
|
|
|
|
|
|
|
|
|
|
|
@mock_ec2
|
|
|
|
@mock_iam
|
|
|
|
def test_disassociate():
|
|
|
|
client = boto3.client("ec2", region_name="us-east-1")
|
|
|
|
instance_id = quick_instance_creation()
|
|
|
|
instance_profile_arn, instance_profile_name = quick_instance_profile_creation(
|
2021-10-05 17:11:07 +00:00
|
|
|
str(uuid4())
|
2020-11-20 22:00:53 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
association = client.associate_iam_instance_profile(
|
|
|
|
IamInstanceProfile={
|
|
|
|
"Arn": instance_profile_arn,
|
|
|
|
"Name": instance_profile_name,
|
|
|
|
},
|
|
|
|
InstanceId=instance_id,
|
|
|
|
)
|
|
|
|
|
|
|
|
associations = client.describe_iam_instance_profile_associations()
|
2021-10-05 17:11:07 +00:00
|
|
|
associations = associations["IamInstanceProfileAssociations"]
|
2023-07-17 09:31:05 +00:00
|
|
|
assert instance_profile_arn in [
|
|
|
|
a["IamInstanceProfile"]["Arn"] for a in associations
|
|
|
|
]
|
2020-11-20 22:00:53 +00:00
|
|
|
|
|
|
|
disassociation = client.disassociate_iam_instance_profile(
|
|
|
|
AssociationId=association["IamInstanceProfileAssociation"]["AssociationId"]
|
|
|
|
)
|
|
|
|
|
2023-07-17 09:31:05 +00:00
|
|
|
assert (
|
|
|
|
disassociation["IamInstanceProfileAssociation"]["IamInstanceProfile"]["Arn"]
|
|
|
|
== instance_profile_arn
|
2020-11-20 22:00:53 +00:00
|
|
|
)
|
2023-07-17 09:31:05 +00:00
|
|
|
assert disassociation["IamInstanceProfileAssociation"]["State"] == "disassociating"
|
2020-11-20 22:00:53 +00:00
|
|
|
|
|
|
|
associations = client.describe_iam_instance_profile_associations()
|
2021-10-05 17:11:07 +00:00
|
|
|
associations = associations["IamInstanceProfileAssociations"]
|
2023-07-17 09:31:05 +00:00
|
|
|
assert instance_profile_arn not in [
|
|
|
|
a["IamInstanceProfile"]["Arn"] for a in associations
|
|
|
|
]
|
2020-11-20 22:00:53 +00:00
|
|
|
|
|
|
|
|
|
|
|
@mock_ec2
|
|
|
|
@mock_iam
|
|
|
|
def test_invalid_disassociate():
|
|
|
|
client = boto3.client("ec2", region_name="us-east-1")
|
|
|
|
|
|
|
|
# Wrong id
|
|
|
|
with pytest.raises(ClientError) as ex:
|
|
|
|
client.disassociate_iam_instance_profile(AssociationId="fake")
|
2023-07-17 09:31:05 +00:00
|
|
|
assert ex.value.response["Error"]["Code"] == "InvalidAssociationID.NotFound"
|
|
|
|
assert "An invalid association-id of" in ex.value.response["Error"]["Message"]
|