feature added: support for api RolePermissionsBoundary (#3329)
* feature added: support for api PutUserPermissionsBoundary; DeleteRolePermissionsBoundary * minor test fix * lint fixed * refactored test case * Issue 3224 s3 copy glacier object (#3318) * 3224 Enhancement - S3 Copy restored glacier objects - adds setter for expiry date - copy sets expiry date to none when source is glacier object - throws error for copying glacier object only if not restored/still restoring * 3224 Enhancement - S3 Copy restored glacier objects - throws error for copying deep archive object only if not restored/still restoring * Fix:s3 List Object response:delimiter (#3254) * Fix:s3 List Object delimiter in response * fixed tests * fixed failed tests Co-authored-by: usmankb <usman@krazybee.com> * feature added: support for api PutUserPermissionsBoundary; DeleteRolePermissionsBoundary * minor test fix * lint fixed * refactored test case * added test case for put role exception Co-authored-by: ruthbovell <63656505+ruthbovell@users.noreply.github.com> Co-authored-by: usmangani1 <sgosman_chem@yahoo.com> Co-authored-by: usmankb <usman@krazybee.com>
parent
958e95cf5c
commit
427a222aa0
@ -1435,6 +1435,23 @@ class IAMBackend(BaseBackend):
|
|||||||
role.max_session_duration = max_session_duration
|
role.max_session_duration = max_session_duration
|
||||||
return role
|
return role
|
||||||
|
|
||||||
|
def put_role_permissions_boundary(self, role_name, permissions_boundary):
|
||||||
|
if permissions_boundary and not self.policy_arn_regex.match(
|
||||||
|
permissions_boundary
|
||||||
|
):
|
||||||
|
raise RESTError(
|
||||||
|
"InvalidParameterValue",
|
||||||
|
"Value ({}) for parameter PermissionsBoundary is invalid.".format(
|
||||||
|
permissions_boundary
|
||||||
|
),
|
||||||
|
)
|
||||||
|
role = self.get_role(role_name)
|
||||||
|
role.permissions_boundary = permissions_boundary
|
||||||
|
|
||||||
|
def delete_role_permissions_boundary(self, role_name):
|
||||||
|
role = self.get_role(role_name)
|
||||||
|
role.permissions_boundary = None
|
||||||
|
|
||||||
def detach_role_policy(self, policy_arn, role_name):
|
def detach_role_policy(self, policy_arn, role_name):
|
||||||
arns = dict((p.arn, p) for p in self.managed_policies.values())
|
arns = dict((p.arn, p) for p in self.managed_policies.values())
|
||||||
try:
|
try:
|
||||||
|
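Review bot: In the backend `put_role_permissions_boundary`, the guard `if permissions_boundary and not self.policy_arn_regex.match(...)` skips validation when the value is empty or missing, so a Put call without `PermissionsBoundary` stores a falsy boundary and acts like the delete call. The response handler added in this commit passes `self._get_param("PermissionsBoundary")` straight through, so nothing upstream rejects it either. For a mock used to test IAM guardrails, a silently cleared boundary is the wrong failure mode; consider `if not permissions_boundary or not self.policy_arn_regex.match(permissions_boundary):` so a missing value raises the same `InvalidParameterValue`. The check also runs before `self.get_role(role_name)`, and as far as the hunk shows the ARN is only pattern-matched rather than looked up in `self.managed_policies`, which deserves a short comment if intentional.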
@ -265,6 +265,19 @@ class IamResponse(BaseResponse):
|
|||||||
template = self.response_template(UPDATE_ROLE_TEMPLATE)
|
template = self.response_template(UPDATE_ROLE_TEMPLATE)
|
||||||
return template.render(role=role)
|
return template.render(role=role)
|
||||||
|
|
||||||
|
def put_role_permissions_boundary(self):
|
||||||
|
permissions_boundary = self._get_param("PermissionsBoundary")
|
||||||
|
role_name = self._get_param("RoleName")
|
||||||
|
iam_backend.put_role_permissions_boundary(role_name, permissions_boundary)
|
||||||
|
template = self.response_template(GENERIC_EMPTY_TEMPLATE)
|
||||||
|
return template.render(name="PutRolePermissionsBoundary")
|
||||||
|
|
||||||
|
def delete_role_permissions_boundary(self):
|
||||||
|
role_name = self._get_param("RoleName")
|
||||||
|
iam_backend.delete_role_permissions_boundary(role_name)
|
||||||
|
template = self.response_template(GENERIC_EMPTY_TEMPLATE)
|
||||||
|
return template.render(name="DeleteRolePermissionsBoundary")
|
||||||
|
|
||||||
def create_policy_version(self):
|
def create_policy_version(self):
|
||||||
policy_arn = self._get_param("PolicyArn")
|
policy_arn = self._get_param("PolicyArn")
|
||||||
policy_document = self._get_param("PolicyDocument")
|
policy_document = self._get_param("PolicyDocument")
|
||||||
@ -1315,6 +1328,12 @@ GET_ROLE_TEMPLATE = """<GetRoleResponse xmlns="https://iam.amazonaws.com/doc/201
|
|||||||
<CreateDate>{{ role.created_iso_8601 }}</CreateDate>
|
<CreateDate>{{ role.created_iso_8601 }}</CreateDate>
|
||||||
<RoleId>{{ role.id }}</RoleId>
|
<RoleId>{{ role.id }}</RoleId>
|
||||||
<MaxSessionDuration>{{ role.max_session_duration }}</MaxSessionDuration>
|
<MaxSessionDuration>{{ role.max_session_duration }}</MaxSessionDuration>
|
||||||
|
{% if role.permissions_boundary %}
|
||||||
|
<PermissionsBoundary>
|
||||||
|
<PermissionsBoundaryType>PermissionsBoundaryPolicy</PermissionsBoundaryType>
|
||||||
|
<PermissionsBoundaryArn>{{ role.permissions_boundary }}</PermissionsBoundaryArn>
|
||||||
|
</PermissionsBoundary>
|
||||||
|
{% endif %}
|
||||||
{% if role.tags %}
|
{% if role.tags %}
|
||||||
<Tags>
|
<Tags>
|
||||||
{% for tag in role.get_tags() %}
|
{% for tag in role.get_tags() %}
|
||||||
|
@ -869,9 +869,7 @@ def test_list_access_keys():
|
|||||||
conn = boto3.client("iam", region_name="us-east-1")
|
conn = boto3.client("iam", region_name="us-east-1")
|
||||||
conn.create_user(UserName="my-user")
|
conn.create_user(UserName="my-user")
|
||||||
response = conn.list_access_keys(UserName="my-user")
|
response = conn.list_access_keys(UserName="my-user")
|
||||||
assert_equals(
|
assert_equals(response["AccessKeyMetadata"], [])
|
||||||
response["AccessKeyMetadata"], [],
|
|
||||||
)
|
|
||||||
access_key = conn.create_access_key(UserName="my-user")["AccessKey"]
|
access_key = conn.create_access_key(UserName="my-user")["AccessKey"]
|
||||||
response = conn.list_access_keys(UserName="my-user")
|
response = conn.list_access_keys(UserName="my-user")
|
||||||
assert_equals(
|
assert_equals(
|
||||||
@ -2377,7 +2375,19 @@ def test_create_role_with_permissions_boundary():
|
|||||||
resp.get("Role").get("PermissionsBoundary").should.equal(expected)
|
resp.get("Role").get("PermissionsBoundary").should.equal(expected)
|
||||||
resp.get("Role").get("Description").should.equal("test")
|
resp.get("Role").get("Description").should.equal("test")
|
||||||
|
|
||||||
|
conn.delete_role_permissions_boundary(RoleName="my-role")
|
||||||
|
conn.list_roles().get("Roles")[0].should_not.have.key("PermissionsBoundary")
|
||||||
|
|
||||||
|
conn.put_role_permissions_boundary(RoleName="my-role", PermissionsBoundary=boundary)
|
||||||
|
resp.get("Role").get("PermissionsBoundary").should.equal(expected)
|
||||||
|
|
||||||
invalid_boundary_arn = "arn:aws:iam::123456789:not_a_boundary"
|
invalid_boundary_arn = "arn:aws:iam::123456789:not_a_boundary"
|
||||||
|
|
||||||
|
with assert_raises(ClientError):
|
||||||
|
conn.put_role_permissions_boundary(
|
||||||
|
RoleName="my-role", PermissionsBoundary=invalid_boundary_arn
|
||||||
|
)
|
||||||
|
|
||||||
with assert_raises(ClientError):
|
with assert_raises(ClientError):
|
||||||
conn.create_role(
|
conn.create_role(
|
||||||
RoleName="bad-boundary",
|
RoleName="bad-boundary",
|
||||||
|
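Review bot: The assertion after the boundary is re-applied, `resp.get("Role").get("PermissionsBoundary").should.equal(expected)`, reads `resp`, which appears to be assigned before this hunk and is not refreshed after `conn.put_role_permissions_boundary(...)`, so it would pass even if the put stored nothing. Re-fetch first, for example `resp = conn.get_role(RoleName="my-role")`, and then assert. The invalid-ARN case only checks that some `ClientError` is raised; binding it with `with assert_raises(ClientError) as ex:` and asserting `ex.exception.response["Error"]["Code"]` equals `"InvalidParameterValue"` would pin the error the backend is meant to return. The test function starts outside the hunk.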