| 
									
										
										
										
											2018-10-16 17:14:23 -07:00
										 |  |  | from datetime import datetime | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-03-05 04:56:36 +01:00
										 |  |  | import boto3 | 
					
						
							| 
									
										
										
										
											2021-09-22 19:42:42 +00:00
										 |  |  | import json | 
					
						
							| 
									
										
										
										
											2015-04-30 19:32:53 -04:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-10-06 07:54:49 +02:00
										 |  |  | import pytest | 
					
						
							| 
									
										
										
										
											2019-11-08 01:19:45 -08:00
										 |  |  | from botocore.exceptions import ClientError | 
					
						
							| 
									
										
										
										
											2023-05-19 13:33:56 +01:00
										 |  |  | from moto import mock_iam, settings | 
					
						
							| 
									
										
										
										
											2022-08-13 09:49:43 +00:00
										 |  |  | from moto.core import DEFAULT_ACCOUNT_ID as ACCOUNT_ID | 
					
						
							| 
									
										
										
										
											2023-09-11 22:23:44 +00:00
										 |  |  | from moto.core.utils import utcnow | 
					
						
							| 
									
										
										
										
											2023-05-19 13:33:56 +01:00
										 |  |  | from moto.backends import get_backend | 
					
						
							|  |  |  | from freezegun import freeze_time | 
					
						
							|  |  |  | from dateutil.tz import tzlocal | 
					
						
							| 
									
										
										
										
											2015-04-30 19:32:53 -04:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-06-30 17:57:50 +02:00
										 |  |  | MOCK_POLICY = """
 | 
					
						
							|  |  |  | { | 
					
						
							|  |  |  |   "Version": "2012-10-17", | 
					
						
							|  |  |  |   "Statement": | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |       "Effect": "Allow", | 
					
						
							|  |  |  |       "Action": "s3:ListBucket", | 
					
						
							|  |  |  |       "Resource": "arn:aws:s3:::example_bucket" | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | """
 | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2015-04-30 19:32:53 -04:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-09-22 19:42:42 +00:00
										 |  |  | @mock_iam | 
					
						
							| 
									
										
										
										
											2023-02-03 11:07:02 -01:00
										 |  |  | def test_create_group(): | 
					
						
							| 
									
										
										
										
											2021-09-22 19:42:42 +00:00
										 |  |  |     conn = boto3.client("iam", region_name="us-east-1") | 
					
						
							|  |  |  |     conn.create_group(GroupName="my-group") | 
					
						
							|  |  |  |     with pytest.raises(ClientError) as ex: | 
					
						
							|  |  |  |         conn.create_group(GroupName="my-group") | 
					
						
							|  |  |  |     err = ex.value.response["Error"] | 
					
						
							| 
									
										
										
										
											2023-07-30 19:37:08 +00:00
										 |  |  |     assert err["Code"] == "Group my-group already exists" | 
					
						
							|  |  |  |     assert err["Message"] is None | 
					
						
							| 
									
										
										
										
											2021-09-22 19:42:42 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | @mock_iam | 
					
						
							| 
									
										
										
										
											2023-02-03 11:07:02 -01:00
										 |  |  | def test_get_group(): | 
					
						
							| 
									
										
										
										
											2021-09-22 19:42:42 +00:00
										 |  |  |     conn = boto3.client("iam", region_name="us-east-1") | 
					
						
							|  |  |  |     created = conn.create_group(GroupName="my-group")["Group"] | 
					
						
							| 
									
										
										
										
											2023-07-30 19:37:08 +00:00
										 |  |  |     assert created["Path"] == "/" | 
					
						
							|  |  |  |     assert created["GroupName"] == "my-group" | 
					
						
							|  |  |  |     assert "GroupId" in created | 
					
						
							|  |  |  |     assert created["Arn"] == f"arn:aws:iam::{ACCOUNT_ID}:group/my-group" | 
					
						
							|  |  |  |     assert isinstance(created["CreateDate"], datetime) | 
					
						
							| 
									
										
										
										
											2021-09-22 19:42:42 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |     retrieved = conn.get_group(GroupName="my-group")["Group"] | 
					
						
							| 
									
										
										
										
											2023-07-30 19:37:08 +00:00
										 |  |  |     assert retrieved == created | 
					
						
							| 
									
										
										
										
											2021-09-22 19:42:42 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |     with pytest.raises(ClientError) as ex: | 
					
						
							|  |  |  |         conn.get_group(GroupName="not-group") | 
					
						
							|  |  |  |     err = ex.value.response["Error"] | 
					
						
							| 
									
										
										
										
											2023-07-30 19:37:08 +00:00
										 |  |  |     assert err["Code"] == "NoSuchEntity" | 
					
						
							|  |  |  |     assert err["Message"] == "Group not-group not found" | 
					
						
							| 
									
										
										
										
											2021-09-22 19:42:42 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-10-16 17:14:23 -07:00
										 |  |  | @mock_iam() | 
					
						
							|  |  |  | def test_get_group_current(): | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     conn = boto3.client("iam", region_name="us-east-1") | 
					
						
							|  |  |  |     conn.create_group(GroupName="my-group") | 
					
						
							|  |  |  |     result = conn.get_group(GroupName="my-group") | 
					
						
							| 
									
										
										
										
											2018-10-16 17:14:23 -07:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     assert result["Group"]["Path"] == "/" | 
					
						
							|  |  |  |     assert result["Group"]["GroupName"] == "my-group" | 
					
						
							|  |  |  |     assert isinstance(result["Group"]["CreateDate"], datetime) | 
					
						
							|  |  |  |     assert result["Group"]["GroupId"] | 
					
						
							| 
									
										
										
										
											2022-11-17 21:41:08 -01:00
										 |  |  |     assert result["Group"]["Arn"] == f"arn:aws:iam::{ACCOUNT_ID}:group/my-group" | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     assert not result["Users"] | 
					
						
							| 
									
										
										
										
											2018-10-16 17:14:23 -07:00
										 |  |  | 
 | 
					
						
							|  |  |  |     # Make a group with a different path: | 
					
						
							| 
									
										
										
										
											2023-02-25 19:24:03 -01:00
										 |  |  |     other_group = conn.create_group(GroupName="my-other-group", Path="/some/location/") | 
					
						
							|  |  |  |     assert other_group["Group"]["Path"] == "/some/location/" | 
					
						
							| 
									
										
										
										
											2022-11-17 21:41:08 -01:00
										 |  |  |     assert ( | 
					
						
							|  |  |  |         other_group["Group"]["Arn"] | 
					
						
							|  |  |  |         == f"arn:aws:iam::{ACCOUNT_ID}:group/some/location/my-other-group" | 
					
						
							|  |  |  |     ) | 
					
						
							| 
									
										
										
										
											2018-10-16 17:14:23 -07:00
										 |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-09-22 19:42:42 +00:00
										 |  |  | @mock_iam | 
					
						
							| 
									
										
										
										
											2023-02-03 11:07:02 -01:00
										 |  |  | def test_get_all_groups(): | 
					
						
							| 
									
										
										
										
											2021-09-22 19:42:42 +00:00
										 |  |  |     conn = boto3.client("iam", region_name="us-east-1") | 
					
						
							|  |  |  |     conn.create_group(GroupName="my-group1") | 
					
						
							|  |  |  |     conn.create_group(GroupName="my-group2") | 
					
						
							|  |  |  |     groups = conn.list_groups()["Groups"] | 
					
						
							| 
									
										
										
										
											2023-07-30 19:37:08 +00:00
										 |  |  |     assert len(groups) == 2 | 
					
						
							| 
									
										
										
										
											2021-09-22 19:42:42 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-09-26 21:59:37 +00:00
										 |  |  |     assert all([g["CreateDate"] for g in groups]) | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-09-22 19:42:42 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  | @mock_iam | 
					
						
							|  |  |  | def test_add_unknown_user_to_group(): | 
					
						
							|  |  |  |     conn = boto3.client("iam", region_name="us-east-1") | 
					
						
							|  |  |  |     with pytest.raises(ClientError) as ex: | 
					
						
							|  |  |  |         conn.add_user_to_group(GroupName="my-group", UserName="my-user") | 
					
						
							|  |  |  |     err = ex.value.response["Error"] | 
					
						
							| 
									
										
										
										
											2023-07-30 19:37:08 +00:00
										 |  |  |     assert err["Code"] == "NoSuchEntity" | 
					
						
							|  |  |  |     assert err["Message"] == "The user with name my-user cannot be found." | 
					
						
							| 
									
										
										
										
											2021-09-22 19:42:42 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | @mock_iam | 
					
						
							|  |  |  | def test_add_user_to_unknown_group(): | 
					
						
							|  |  |  |     conn = boto3.client("iam", region_name="us-east-1") | 
					
						
							|  |  |  |     conn.create_user(UserName="my-user") | 
					
						
							|  |  |  |     with pytest.raises(ClientError) as ex: | 
					
						
							|  |  |  |         conn.add_user_to_group(GroupName="my-group", UserName="my-user") | 
					
						
							|  |  |  |     err = ex.value.response["Error"] | 
					
						
							| 
									
										
										
										
											2023-07-30 19:37:08 +00:00
										 |  |  |     assert err["Code"] == "NoSuchEntity" | 
					
						
							|  |  |  |     assert err["Message"] == "Group my-group not found" | 
					
						
							| 
									
										
										
										
											2021-09-22 19:42:42 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | @mock_iam | 
					
						
							| 
									
										
										
										
											2023-02-03 11:07:02 -01:00
										 |  |  | def test_add_user_to_group(): | 
					
						
							| 
									
										
										
										
											2023-05-19 13:33:56 +01:00
										 |  |  |     # Setup | 
					
						
							|  |  |  |     frozen_time = datetime(2023, 5, 20, 10, 20, 30, tzinfo=tzlocal()) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     group = "my-group" | 
					
						
							|  |  |  |     user = "my-user" | 
					
						
							|  |  |  |     with freeze_time(frozen_time): | 
					
						
							|  |  |  |         conn = boto3.client("iam", region_name="us-east-1") | 
					
						
							|  |  |  |         conn.create_group(GroupName=group) | 
					
						
							|  |  |  |         conn.create_user(UserName=user) | 
					
						
							|  |  |  |         conn.add_user_to_group(GroupName=group, UserName=user) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         # use internal api to set password, doesn't work in servermode | 
					
						
							|  |  |  |         if not settings.TEST_SERVER_MODE: | 
					
						
							|  |  |  |             iam_backend = get_backend("iam")[ACCOUNT_ID]["global"] | 
					
						
							| 
									
										
										
										
											2023-09-11 22:23:44 +00:00
										 |  |  |             iam_backend.users[user].password_last_used = utcnow() | 
					
						
							| 
									
										
										
										
											2023-05-19 13:33:56 +01:00
										 |  |  |     # Execute | 
					
						
							|  |  |  |     result = conn.get_group(GroupName=group) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     # Verify | 
					
						
							|  |  |  |     assert len(result["Users"]) == 1 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     # if in servermode then we can't test for password because we can't | 
					
						
							|  |  |  |     # manipulate the backend with internal an api | 
					
						
							|  |  |  |     if settings.TEST_SERVER_MODE: | 
					
						
							|  |  |  |         assert "CreateDate" in result["Users"][0] | 
					
						
							|  |  |  |         return | 
					
						
							|  |  |  |     assert result["Users"][0]["CreateDate"] == frozen_time | 
					
						
							|  |  |  |     assert result["Users"][0]["PasswordLastUsed"] == frozen_time | 
					
						
							| 
									
										
										
										
											2021-09-22 19:42:42 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | @mock_iam | 
					
						
							|  |  |  | def test_remove_user_from_unknown_group(): | 
					
						
							|  |  |  |     conn = boto3.client("iam", region_name="us-east-1") | 
					
						
							|  |  |  |     with pytest.raises(ClientError) as ex: | 
					
						
							|  |  |  |         conn.remove_user_from_group(GroupName="my-group", UserName="my-user") | 
					
						
							|  |  |  |     err = ex.value.response["Error"] | 
					
						
							| 
									
										
										
										
											2023-07-30 19:37:08 +00:00
										 |  |  |     assert err["Code"] == "NoSuchEntity" | 
					
						
							|  |  |  |     assert err["Message"] == "Group my-group not found" | 
					
						
							| 
									
										
										
										
											2021-09-22 19:42:42 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | @mock_iam | 
					
						
							|  |  |  | def test_remove_nonattached_user_from_group(): | 
					
						
							|  |  |  |     conn = boto3.client("iam", region_name="us-east-1") | 
					
						
							|  |  |  |     conn.create_group(GroupName="my-group") | 
					
						
							|  |  |  |     conn.create_user(UserName="my-user") | 
					
						
							|  |  |  |     with pytest.raises(ClientError) as ex: | 
					
						
							|  |  |  |         conn.remove_user_from_group(GroupName="my-group", UserName="my-user") | 
					
						
							|  |  |  |     err = ex.value.response["Error"] | 
					
						
							| 
									
										
										
										
											2023-07-30 19:37:08 +00:00
										 |  |  |     assert err["Code"] == "NoSuchEntity" | 
					
						
							|  |  |  |     assert err["Message"] == "User my-user not in group my-group" | 
					
						
							| 
									
										
										
										
											2021-09-22 19:42:42 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | @mock_iam | 
					
						
							| 
									
										
										
										
											2023-02-03 11:07:02 -01:00
										 |  |  | def test_remove_user_from_group(): | 
					
						
							| 
									
										
										
										
											2021-09-22 19:42:42 +00:00
										 |  |  |     conn = boto3.client("iam", region_name="us-east-1") | 
					
						
							|  |  |  |     conn.create_group(GroupName="my-group") | 
					
						
							|  |  |  |     conn.create_user(UserName="my-user") | 
					
						
							|  |  |  |     conn.add_user_to_group(GroupName="my-group", UserName="my-user") | 
					
						
							|  |  |  |     conn.remove_user_from_group(GroupName="my-group", UserName="my-user") | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | @mock_iam | 
					
						
							| 
									
										
										
										
											2023-02-03 11:07:02 -01:00
										 |  |  | def test_add_user_should_be_idempotent(): | 
					
						
							|  |  |  |     conn = boto3.client("iam", region_name="us-east-1") | 
					
						
							|  |  |  |     conn.create_group(GroupName="my-group") | 
					
						
							|  |  |  |     conn.create_user(UserName="my-user") | 
					
						
							|  |  |  |     # We'll add the same user twice, but it should only be persisted once | 
					
						
							|  |  |  |     conn.add_user_to_group(GroupName="my-group", UserName="my-user") | 
					
						
							|  |  |  |     conn.add_user_to_group(GroupName="my-group", UserName="my-user") | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-07-30 19:37:08 +00:00
										 |  |  |     assert len(conn.list_groups_for_user(UserName="my-user")["Groups"]) == 1 | 
					
						
							| 
									
										
										
										
											2023-02-03 11:07:02 -01:00
										 |  |  | 
 | 
					
						
							|  |  |  |     # Which means that if we remove one, none should be left | 
					
						
							|  |  |  |     conn.remove_user_from_group(GroupName="my-group", UserName="my-user") | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-07-30 19:37:08 +00:00
										 |  |  |     assert len(conn.list_groups_for_user(UserName="my-user")["Groups"]) == 0 | 
					
						
							| 
									
										
										
										
											2023-02-03 11:07:02 -01:00
										 |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | @mock_iam | 
					
						
							|  |  |  | def test_get_groups_for_user(): | 
					
						
							| 
									
										
										
										
											2021-09-22 19:42:42 +00:00
										 |  |  |     conn = boto3.client("iam", region_name="us-east-1") | 
					
						
							|  |  |  |     conn.create_group(GroupName="my-group1") | 
					
						
							|  |  |  |     conn.create_group(GroupName="my-group2") | 
					
						
							|  |  |  |     conn.create_group(GroupName="other-group") | 
					
						
							|  |  |  |     conn.create_user(UserName="my-user") | 
					
						
							|  |  |  |     conn.add_user_to_group(GroupName="my-group1", UserName="my-user") | 
					
						
							|  |  |  |     conn.add_user_to_group(GroupName="my-group2", UserName="my-user") | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     groups = conn.list_groups_for_user(UserName="my-user")["Groups"] | 
					
						
							| 
									
										
										
										
											2023-07-30 19:37:08 +00:00
										 |  |  |     assert len(groups) == 2 | 
					
						
							| 
									
										
										
										
											2021-09-22 19:42:42 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | @mock_iam | 
					
						
							| 
									
										
										
										
											2023-02-03 11:07:02 -01:00
										 |  |  | def test_put_group_policy(): | 
					
						
							| 
									
										
										
										
											2021-09-22 19:42:42 +00:00
										 |  |  |     conn = boto3.client("iam", region_name="us-east-1") | 
					
						
							|  |  |  |     conn.create_group(GroupName="my-group") | 
					
						
							|  |  |  |     conn.put_group_policy( | 
					
						
							|  |  |  |         GroupName="my-group", PolicyName="my-policy", PolicyDocument=MOCK_POLICY | 
					
						
							|  |  |  |     ) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-10-01 15:02:00 -07:00
										 |  |  | @mock_iam | 
					
						
							|  |  |  | def test_attach_group_policies(): | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     conn = boto3.client("iam", region_name="us-east-1") | 
					
						
							|  |  |  |     conn.create_group(GroupName="my-group") | 
					
						
							| 
									
										
										
										
											2023-07-30 19:37:08 +00:00
										 |  |  |     assert ( | 
					
						
							|  |  |  |         conn.list_attached_group_policies(GroupName="my-group")["AttachedPolicies"] | 
					
						
							|  |  |  |         == [] | 
					
						
							|  |  |  |     ) | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceforEC2Role" | 
					
						
							| 
									
										
										
										
											2023-07-30 19:37:08 +00:00
										 |  |  |     assert ( | 
					
						
							|  |  |  |         conn.list_attached_group_policies(GroupName="my-group")["AttachedPolicies"] | 
					
						
							|  |  |  |         == [] | 
					
						
							|  |  |  |     ) | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     conn.attach_group_policy(GroupName="my-group", PolicyArn=policy_arn) | 
					
						
							| 
									
										
										
										
											2023-07-30 19:37:08 +00:00
										 |  |  |     assert conn.list_attached_group_policies(GroupName="my-group")[ | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |         "AttachedPolicies" | 
					
						
							| 
									
										
										
										
											2023-07-30 19:37:08 +00:00
										 |  |  |     ] == [{"PolicyName": "AmazonElasticMapReduceforEC2Role", "PolicyArn": policy_arn}] | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  | 
 | 
					
						
							|  |  |  |     conn.detach_group_policy(GroupName="my-group", PolicyArn=policy_arn) | 
					
						
							| 
									
										
										
										
											2023-07-30 19:37:08 +00:00
										 |  |  |     assert ( | 
					
						
							|  |  |  |         conn.list_attached_group_policies(GroupName="my-group")["AttachedPolicies"] | 
					
						
							|  |  |  |         == [] | 
					
						
							|  |  |  |     ) | 
					
						
							| 
									
										
										
										
											2017-10-01 15:04:59 -07:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-10-01 15:02:00 -07:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-09-22 19:42:42 +00:00
										 |  |  | @mock_iam | 
					
						
							| 
									
										
										
										
											2023-02-03 11:07:02 -01:00
										 |  |  | def test_get_group_policy(): | 
					
						
							| 
									
										
										
										
											2021-09-22 19:42:42 +00:00
										 |  |  |     conn = boto3.client("iam", region_name="us-east-1") | 
					
						
							|  |  |  |     conn.create_group(GroupName="my-group") | 
					
						
							|  |  |  |     with pytest.raises(ClientError) as ex: | 
					
						
							|  |  |  |         conn.get_group_policy(GroupName="my-group", PolicyName="my-policy") | 
					
						
							|  |  |  |     err = ex.value.response["Error"] | 
					
						
							| 
									
										
										
										
											2023-07-30 19:37:08 +00:00
										 |  |  |     assert err["Code"] == "NoSuchEntity" | 
					
						
							|  |  |  |     assert err["Message"] == "Policy my-policy not found" | 
					
						
							| 
									
										
										
										
											2021-09-22 19:42:42 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |     conn.put_group_policy( | 
					
						
							|  |  |  |         GroupName="my-group", PolicyName="my-policy", PolicyDocument=MOCK_POLICY | 
					
						
							|  |  |  |     ) | 
					
						
							|  |  |  |     policy = conn.get_group_policy(GroupName="my-group", PolicyName="my-policy") | 
					
						
							| 
									
										
										
										
											2023-07-30 19:37:08 +00:00
										 |  |  |     assert policy["GroupName"] == "my-group" | 
					
						
							|  |  |  |     assert policy["PolicyName"] == "my-policy" | 
					
						
							|  |  |  |     assert policy["PolicyDocument"] == json.loads(MOCK_POLICY) | 
					
						
							| 
									
										
										
										
											2021-09-22 19:42:42 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-03-05 04:56:36 +01:00
										 |  |  | @mock_iam() | 
					
						
							|  |  |  | def test_list_group_policies(): | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     conn = boto3.client("iam", region_name="us-east-1") | 
					
						
							|  |  |  |     conn.create_group(GroupName="my-group") | 
					
						
							| 
									
										
										
										
											2023-07-30 19:37:08 +00:00
										 |  |  |     assert conn.list_group_policies(GroupName="my-group")["PolicyNames"] == [] | 
					
						
							| 
									
										
										
										
											2019-10-31 08:44:26 -07:00
										 |  |  |     conn.put_group_policy( | 
					
						
							|  |  |  |         GroupName="my-group", PolicyName="my-policy", PolicyDocument=MOCK_POLICY | 
					
						
							|  |  |  |     ) | 
					
						
							| 
									
										
										
										
											2023-07-30 19:37:08 +00:00
										 |  |  |     assert conn.list_group_policies(GroupName="my-group")["PolicyNames"] == [ | 
					
						
							|  |  |  |         "my-policy" | 
					
						
							|  |  |  |     ] | 
					
						
							| 
									
										
										
										
											2019-04-20 22:50:28 +01:00
										 |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | @mock_iam | 
					
						
							|  |  |  | def test_delete_group(): | 
					
						
							| 
									
										
										
										
											2019-11-08 01:19:45 -08:00
										 |  |  |     conn = boto3.client("iam", region_name="us-east-1") | 
					
						
							|  |  |  |     conn.create_group(GroupName="my-group") | 
					
						
							| 
									
										
										
										
											2019-04-20 22:50:28 +01:00
										 |  |  |     groups = conn.list_groups() | 
					
						
							| 
									
										
										
										
											2019-11-08 01:19:45 -08:00
										 |  |  |     assert groups["Groups"][0]["GroupName"] == "my-group" | 
					
						
							|  |  |  |     assert len(groups["Groups"]) == 1 | 
					
						
							|  |  |  |     conn.delete_group(GroupName="my-group") | 
					
						
							| 
									
										
										
										
											2023-07-30 19:37:08 +00:00
										 |  |  |     assert conn.list_groups()["Groups"] == [] | 
					
						
							| 
									
										
										
										
											2019-11-08 01:19:45 -08:00
										 |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | @mock_iam | 
					
						
							|  |  |  | def test_delete_unknown_group(): | 
					
						
							|  |  |  |     conn = boto3.client("iam", region_name="us-east-1") | 
					
						
							| 
									
										
										
										
											2020-10-06 08:04:09 +02:00
										 |  |  |     with pytest.raises(ClientError) as err: | 
					
						
							| 
									
										
										
										
											2019-11-08 01:19:45 -08:00
										 |  |  |         conn.delete_group(GroupName="unknown-group") | 
					
						
							| 
									
										
										
										
											2023-07-30 19:37:08 +00:00
										 |  |  |     assert err.value.response["Error"]["Code"] == "NoSuchEntity" | 
					
						
							|  |  |  |     assert ( | 
					
						
							|  |  |  |         err.value.response["Error"]["Message"] | 
					
						
							|  |  |  |         == "The group with name unknown-group cannot be found." | 
					
						
							| 
									
										
										
										
											2019-11-08 01:19:45 -08:00
										 |  |  |     ) | 
					
						
							| 
									
										
										
										
											2021-11-29 19:35:18 -01:00
										 |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | @mock_iam | 
					
						
							|  |  |  | def test_update_group_name(): | 
					
						
							|  |  |  |     conn = boto3.client("iam", region_name="us-east-1") | 
					
						
							|  |  |  |     conn.create_group(GroupName="my-group") | 
					
						
							|  |  |  |     initial_group = conn.get_group(GroupName="my-group")["Group"] | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     conn.update_group(GroupName="my-group", NewGroupName="new-group") | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     # The old group-name should no longer exist | 
					
						
							|  |  |  |     with pytest.raises(ClientError) as exc: | 
					
						
							|  |  |  |         conn.get_group(GroupName="my-group") | 
					
						
							| 
									
										
										
										
											2023-07-30 19:37:08 +00:00
										 |  |  |     assert exc.value.response["Error"]["Code"] == "NoSuchEntity" | 
					
						
							| 
									
										
										
										
											2021-11-29 19:35:18 -01:00
										 |  |  | 
 | 
					
						
							|  |  |  |     result = conn.get_group(GroupName="new-group")["Group"] | 
					
						
							| 
									
										
										
										
											2023-07-30 19:37:08 +00:00
										 |  |  |     assert result["Path"] == "/" | 
					
						
							|  |  |  |     assert result["GroupName"] == "new-group" | 
					
						
							|  |  |  |     assert result["GroupId"] == initial_group["GroupId"] | 
					
						
							|  |  |  |     assert ":group/new-group" in result["Arn"] | 
					
						
							| 
									
										
										
										
											2021-11-29 19:35:18 -01:00
										 |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | @mock_iam | 
					
						
							|  |  |  | def test_update_group_name_that_has_a_path(): | 
					
						
							|  |  |  |     conn = boto3.client("iam", region_name="us-east-1") | 
					
						
							|  |  |  |     conn.create_group(GroupName="my-group", Path="/path") | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     conn.update_group(GroupName="my-group", NewGroupName="new-group") | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     # Verify the path hasn't changed | 
					
						
							|  |  |  |     new = conn.get_group(GroupName="new-group")["Group"] | 
					
						
							| 
									
										
										
										
											2023-07-30 19:37:08 +00:00
										 |  |  |     assert new["Path"] == "/path" | 
					
						
							| 
									
										
										
										
											2021-11-29 19:35:18 -01:00
										 |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | @mock_iam | 
					
						
							|  |  |  | def test_update_group_path(): | 
					
						
							|  |  |  |     conn = boto3.client("iam", region_name="us-east-1") | 
					
						
							|  |  |  |     conn.create_group(GroupName="my-group", Path="/path") | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     conn.update_group( | 
					
						
							|  |  |  |         GroupName="my-group", NewGroupName="new-group", NewPath="/new-path" | 
					
						
							|  |  |  |     ) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     # Verify the path has changed | 
					
						
							|  |  |  |     new = conn.get_group(GroupName="new-group")["Group"] | 
					
						
							| 
									
										
										
										
											2023-07-30 19:37:08 +00:00
										 |  |  |     assert new["Path"] == "/new-path" | 
					
						
							| 
									
										
										
										
											2021-11-29 19:35:18 -01:00
										 |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | @mock_iam | 
					
						
							|  |  |  | def test_update_group_that_does_not_exist(): | 
					
						
							|  |  |  |     conn = boto3.client("iam", region_name="us-east-1") | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     with pytest.raises(ClientError) as exc: | 
					
						
							|  |  |  |         conn.update_group(GroupName="nonexisting", NewGroupName="..") | 
					
						
							|  |  |  |     err = exc.value.response["Error"] | 
					
						
							| 
									
										
										
										
											2023-07-30 19:37:08 +00:00
										 |  |  |     assert err["Code"] == "NoSuchEntity" | 
					
						
							|  |  |  |     assert err["Message"] == "The group with name nonexisting cannot be found." | 
					
						
							| 
									
										
										
										
											2021-11-29 19:35:18 -01:00
										 |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | @mock_iam | 
					
						
							|  |  |  | def test_update_group_with_existing_name(): | 
					
						
							|  |  |  |     conn = boto3.client("iam", region_name="us-east-1") | 
					
						
							|  |  |  |     conn.create_group(GroupName="existing1") | 
					
						
							|  |  |  |     conn.create_group(GroupName="existing2") | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     with pytest.raises(ClientError) as exc: | 
					
						
							|  |  |  |         conn.update_group(GroupName="existing1", NewGroupName="existing2") | 
					
						
							|  |  |  |     err = exc.value.response["Error"] | 
					
						
							| 
									
										
										
										
											2023-07-30 19:37:08 +00:00
										 |  |  |     assert err["Code"] == "Conflict" | 
					
						
							|  |  |  |     assert err["Message"] == "Group existing2 already exists" |