Correct deviation in behavior of policy versions from standard API

Karl Gutwin 2018-08-07 17:24:15 -04:00
parent 9e667d6b25
commit 5ae5ae0efa
2 changed files with 20 additions and 10 deletions


@ -37,7 +37,7 @@ class Policy(BaseModel):
description=None, description=None,
document=None, document=None,
path=None): path=None):
self.document = document or {} #self.document = document or {}
self.name = name self.name = name
self.attachment_count = 0 self.attachment_count = 0
@ -45,7 +45,7 @@ class Policy(BaseModel):
self.id = random_policy_id() self.id = random_policy_id()
self.path = path or '/' self.path = path or '/'
self.default_version_id = default_version_id or 'v1' self.default_version_id = default_version_id or 'v1'
self.versions = [] self.versions = [PolicyVersion(self.arn, document, True)]
self.create_datetime = datetime.now(pytz.utc) self.create_datetime = datetime.now(pytz.utc)
self.update_datetime = datetime.now(pytz.utc) self.update_datetime = datetime.now(pytz.utc)
@ -582,6 +582,7 @@ class IAMBackend(BaseBackend):
raise IAMNotFoundException("Policy not found") raise IAMNotFoundException("Policy not found")
version = PolicyVersion(policy_arn, policy_document, set_as_default) version = PolicyVersion(policy_arn, policy_document, set_as_default)
policy.versions.append(version) policy.versions.append(version)
version.version_id = 'v{0}'.format(len(policy.versions))
if set_as_default: if set_as_default:
policy.default_version_id = version.version_id policy.default_version_id = version.version_id
return version return version
@ -605,6 +606,9 @@ class IAMBackend(BaseBackend):
policy = self.get_policy(policy_arn) policy = self.get_policy(policy_arn)
if not policy: if not policy:
raise IAMNotFoundException("Policy not found") raise IAMNotFoundException("Policy not found")
if version_id == policy.default_version_id:
raise IAMConflictException(
"Cannot delete the default version of a policy")
for i, v in enumerate(policy.versions): for i, v in enumerate(policy.versions):
if v.version_id == version_id: if v.version_id == version_id:
del policy.versions[i] del policy.versions[i]
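Review bot: The added `version.version_id = 'v{0}'.format(len(policy.versions))` takes the id from the current list length, so after a non-default version is deleted the next create hands out an id that is still in the list (v1, v2, v3; delete v2; the next create is a second v3). Code that uses this mock to test policy-version rotation or rollback could then read or delete the wrong document without any test failing. A per-policy counter that only ever increases avoids this: set `self.next_version_num = 2` in `Policy.__init__` and use `version.version_id = 'v{0}'.format(policy.next_version_num)` followed by `policy.next_version_num += 1`. Separately, the first hunk leaves `#self.document = document or {}` commented out rather than deleted, and `document` is now passed to `PolicyVersion` without the `or {}` fallback; whether `PolicyVersion` accepts `None` is not visible here. All three functions start and end outside the hunks shown.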


@ -296,6 +296,7 @@ def test_get_policy():
PolicyArn="arn:aws:iam::123456789012:policy/TestGetPolicy") PolicyArn="arn:aws:iam::123456789012:policy/TestGetPolicy")
response['Policy']['Arn'].should.equal("arn:aws:iam::123456789012:policy/TestGetPolicy") response['Policy']['Arn'].should.equal("arn:aws:iam::123456789012:policy/TestGetPolicy")
@mock_iam @mock_iam
def test_get_policy_version(): def test_get_policy_version():
conn = boto3.client('iam', region_name='us-east-1') conn = boto3.client('iam', region_name='us-east-1')
@ -323,17 +324,22 @@ def test_list_policy_versions():
PolicyArn="arn:aws:iam::123456789012:policy/TestListPolicyVersions") PolicyArn="arn:aws:iam::123456789012:policy/TestListPolicyVersions")
conn.create_policy( conn.create_policy(
PolicyName="TestListPolicyVersions", PolicyName="TestListPolicyVersions",
PolicyDocument='{"some":"policy"}')
conn.create_policy_version(
PolicyArn="arn:aws:iam::123456789012:policy/TestListPolicyVersions",
PolicyDocument='{"first":"policy"}') PolicyDocument='{"first":"policy"}')
versions = conn.list_policy_versions(
PolicyArn="arn:aws:iam::123456789012:policy/TestListPolicyVersions")
versions.get('Versions')[0].get('VersionId').should.equal('v1')
conn.create_policy_version( conn.create_policy_version(
PolicyArn="arn:aws:iam::123456789012:policy/TestListPolicyVersions", PolicyArn="arn:aws:iam::123456789012:policy/TestListPolicyVersions",
PolicyDocument='{"second":"policy"}') PolicyDocument='{"second":"policy"}')
conn.create_policy_version(
PolicyArn="arn:aws:iam::123456789012:policy/TestListPolicyVersions",
PolicyDocument='{"third":"policy"}')
versions = conn.list_policy_versions( versions = conn.list_policy_versions(
PolicyArn="arn:aws:iam::123456789012:policy/TestListPolicyVersions") PolicyArn="arn:aws:iam::123456789012:policy/TestListPolicyVersions")
versions.get('Versions')[0].get('Document').should.equal({'first': 'policy'}) print(versions.get('Versions'))
versions.get('Versions')[1].get('Document').should.equal({'second': 'policy'}) versions.get('Versions')[1].get('Document').should.equal({'second': 'policy'})
versions.get('Versions')[2].get('Document').should.equal({'third': 'policy'})
@mock_iam @mock_iam
@ -341,20 +347,20 @@ def test_delete_policy_version():
conn = boto3.client('iam', region_name='us-east-1') conn = boto3.client('iam', region_name='us-east-1')
conn.create_policy( conn.create_policy(
PolicyName="TestDeletePolicyVersion", PolicyName="TestDeletePolicyVersion",
PolicyDocument='{"some":"policy"}') PolicyDocument='{"first":"policy"}')
conn.create_policy_version( conn.create_policy_version(
PolicyArn="arn:aws:iam::123456789012:policy/TestDeletePolicyVersion", PolicyArn="arn:aws:iam::123456789012:policy/TestDeletePolicyVersion",
PolicyDocument='{"first":"policy"}') PolicyDocument='{"second":"policy"}')
with assert_raises(ClientError): with assert_raises(ClientError):
conn.delete_policy_version( conn.delete_policy_version(
PolicyArn="arn:aws:iam::123456789012:policy/TestDeletePolicyVersion", PolicyArn="arn:aws:iam::123456789012:policy/TestDeletePolicyVersion",
VersionId='v2-nope-this-does-not-exist') VersionId='v2-nope-this-does-not-exist')
conn.delete_policy_version( conn.delete_policy_version(
PolicyArn="arn:aws:iam::123456789012:policy/TestDeletePolicyVersion", PolicyArn="arn:aws:iam::123456789012:policy/TestDeletePolicyVersion",
VersionId='v1') VersionId='v2')
versions = conn.list_policy_versions( versions = conn.list_policy_versions(
PolicyArn="arn:aws:iam::123456789012:policy/TestDeletePolicyVersion") PolicyArn="arn:aws:iam::123456789012:policy/TestDeletePolicyVersion")
len(versions.get('Versions')).should.equal(0) len(versions.get('Versions')).should.equal(1)
@mock_iam_deprecated() @mock_iam_deprecated()
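Review bot: Nothing in test_delete_policy_version exercises the new "Cannot delete the default version of a policy" branch; the test deletes only `v2` and a non-existent id. A case such as `with assert_raises(ClientError): conn.delete_policy_version(PolicyArn="arn:aws:iam::123456789012:policy/TestDeletePolicyVersion", VersionId='v1')` would pin that guard. In test_list_policy_versions the assertion on index 0 was replaced by a leftover debug `print(versions.get('Versions'))`, so the document of the implicitly created v1 is no longer checked; restoring `versions.get('Versions')[0].get('Document').should.equal({'first': 'policy'})` would cover it.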