From 992b4750931dcb3956196d2b71fbc9b35ddf82c8 Mon Sep 17 00:00:00 2001 From: Kate Heddleston Date: Mon, 15 May 2017 14:56:30 -0700 Subject: [PATCH] testing create, get, list, delete policy versions --- moto/iam/models.py | 45 +++++++++++++++------- moto/iam/responses.py | 46 ++++++++++++++++++++--- tests/test_iam/test_iam.py | 77 ++++++++++++++++++++++++++++++++++++++ tests/test_sqs/test_sqs.py | 2 +- 4 files changed, 150 insertions(+), 20 deletions(-) diff --git a/moto/iam/models.py b/moto/iam/models.py index 30674a306..eef5fed2a 100644 --- a/moto/iam/models.py +++ b/moto/iam/models.py @@ -53,15 +53,15 @@ class Policy(BaseModel): return 'arn:aws:iam::aws:policy{0}{1}'.format(self.path, self.name) -class Version(object): +class PolicyVersion(object): def __init__(self, policy_arn, document, - is_default_version=False): + is_default=False): self.policy_arn = policy_arn self.document = document or {} - self.is_default_version = is_default_version + self.is_default = is_default self.version_id = 'v1' self.create_datetime = datetime.now(pytz.utc) @@ -506,6 +506,9 @@ class IAMBackend(BaseBackend): self.managed_policies[policy.name] = policy return policy + def get_policy(self, policy_name): + return self.managed_policies.get(policy_name) + def list_attached_role_policies(self, role_name, marker=None, max_items=100, path_prefix='/'): policies = self.get_role(role_name).managed_policies.values() @@ -551,15 +554,6 @@ class IAMBackend(BaseBackend): return policies, marker - def get_policy(self, policy_name): - policy = self.managed_policies[policy_name] - if not policy: - raise IAMNotFoundException("Policy {0} not found".format(policy_name)) - return policy - - def get_policies(self): - return self.managed_policies.values() - def create_role(self, role_name, assume_role_policy_document, path): role_id = random_resource_id() role = Role(role_id, role_name, assume_role_policy_document, path) 
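Review bot: The relocated `get_policy` now returns `None` for an unknown name (`self.managed_policies.get(policy_name)`), where the removed version indexed the dict and carried a `raise IAMNotFoundException` branch, so the not-found decision moves to every caller. The policy-version methods later in this patch each add `if not policy: raise IAMNotFoundException("Policy not found")`, but any caller outside this diff that still assumes a policy object would fail with an `AttributeError` instead of a not-found response, so a grep for other call sites is worthwhile. A docstring such as `"""Return the managed policy named policy_name, or None if it does not exist."""` would make the new contract explicit.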
@@ -596,19 +590,44 @@ class IAMBackend(BaseBackend): policy_name = policy_arn.split(':')[-1] policy_name = policy_name.split('/')[1] policy = self.get_policy(policy_name) - version = Version(policy_arn, policy_document, set_as_default) + if not policy: + raise IAMNotFoundException("Policy not found") + version = PolicyVersion(policy_arn, policy_document, set_as_default) policy.versions.append(version) if set_as_default: policy.default_version_id = version.version_id + return version + + def get_policy_version(self, policy_arn, version_id): + policy_name = policy_arn.split(':')[-1] + policy_name = policy_name.split('/')[1] + policy = self.get_policy(policy_name) + if not policy: + raise IAMNotFoundException("Policy not found") + for version in policy.versions: + if version.version_id == version_id: + return version + raise IAMNotFoundException("Policy version not found") + + def list_policy_versions(self, policy_arn): + policy_name = policy_arn.split(':')[-1] + policy_name = policy_name.split('/')[1] + policy = self.get_policy(policy_name) + if not policy: + raise IAMNotFoundException("Policy not found") + return policy.versions def delete_policy_version(self, policy_arn, version_id): policy_name = policy_arn.split(':')[-1] policy_name = policy_name.split('/')[1] policy = self.get_policy(policy_name) + if not policy: + raise IAMNotFoundException("Policy not found") for i, v in enumerate(policy.versions): if v.version_id == version_id: del policy.versions[i] return + raise IAMNotFoundException("Policy not found") def create_instance_profile(self, name, path, role_ids): instance_profile_id = random_resource_id() diff --git a/moto/iam/responses.py b/moto/iam/responses.py index 407592f8d..d82cdb189 100644 --- a/moto/iam/responses.py +++ b/moto/iam/responses.py 
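Review bot: The ARN-to-name lookup, `policy_arn.split(':')[-1]` followed by `policy_name.split('/')[1]`, is repeated in all four policy-version methods and is fragile: an ARN whose resource part has no `/` raises `IndexError`, and for a policy created under a path the second segment is the path rather than the name that `managed_policies` is keyed by. `policy_arn` comes straight from the request's `PolicyArn` parameter in responses.py, so a malformed value should end in `IAMNotFoundException` rather than an unhandled exception. One private helper that takes the last `/` segment would also remove the four copies of the `if not policy` check; `create_policy_version` begins above this hunk, so its first lines are not shown here. Separately, the final `raise` in `delete_policy_version` fires when the version is missing, so its message should read `"Policy version not found"` to match `get_policy_version`.

```python
    def _get_policy_by_arn(self, policy_arn):
        """Return the managed policy named by the last segment of policy_arn."""
        # Resource part looks like "policy/<optional path>/<name>".
        policy_name = (policy_arn or '').split(':')[-1].rsplit('/', 1)[-1]
        policy = self.get_policy(policy_name)
        if not policy:
            raise IAMNotFoundException("Policy not found")
        return policy

    def get_policy_version(self, policy_arn, version_id):
        policy = self._get_policy_by_arn(policy_arn)
        # ... unchanged: loop over policy.versions matching version_id ...
```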
@@ -98,9 +98,15 @@ class IamResponse(BaseResponse): policy_document = self._get_param('PolicyDocument') set_as_default = self._get_param('SetAsDefault') policy_version = iam_backend.create_policy_version(policy_arn, policy_document, set_as_default) + template = self.response_template(CREATE_POLICY_VERSION_TEMPLATE) + return template.render(policy_version=policy_version) - template = self.response_template(LIST_POLICY_VERSIONS_TEMPLATE) - return template.render(policy_versions=[policy_version]) + def get_policy_version(self): + policy_arn = self._get_param('PolicyArn') + version_id = self._get_param('VersionId') + policy_version = iam_backend.get_policy_version(policy_arn, version_id) + template = self.response_template(GET_POLICY_VERSION_TEMPLATE) + return template.render(policy_version=policy_version) def list_policy_versions(self): policy_arn = self._get_param('PolicyArn') @@ -624,15 +630,43 @@ LIST_ROLE_POLICIES = """ + + + {{ policy_version.document }} + {{ policy_version.version_id }} + {{ policy_version.is_default }} + 2012-05-09T15:45:35Z + + + + 20f7279f-99ee-11e1-a4c3-27EXAMPLE804 + +""" + +GET_POLICY_VERSION_TEMPLATE = """ + + + {{ policy_version.document }} + {{ policy_version.version_id }} + {{ policy_version.is_default }} + 2012-05-09T15:45:35Z + + + + 20f7279f-99ee-11e1-a4c3-27EXAMPLE804 + +""" + LIST_POLICY_VERSIONS_TEMPLATE = """ false - {% for version in policy_versions %} + {% for policy_version in policy_versions %} - {{ version.document }} - {{ version.version_id }} - {{ version.is_default_version }} + {{ policy_version.document }} + {{ policy_version.version_id }} + {{ policy_version.is_default }} 2012-05-09T15:45:35Z {% endfor %} diff --git a/tests/test_iam/test_iam.py b/tests/test_iam/test_iam.py index e039f8f61..9249c61a8 100644 --- a/tests/test_iam/test_iam.py +++ b/tests/test_iam/test_iam.py 
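Review bot: `set_as_default` reaches the backend exactly as `_get_param('SetAsDefault')` returns it, and the backend only tests its truthiness (`if set_as_default:`), so if `_get_param` yields the raw query-string text (not visible in this hunk) a request with `SetAsDefault=false` would still make the new version the default. Because a policy's default version decides which document is in effect, tests of version roll-forward or rollback logic run against this mock could pass while the real service behaves differently. Consider normalising the value before the call, e.g. `set_as_default = str(self._get_param('SetAsDefault')).lower() == 'true'`. The new `get_policy_version` handler likewise forwards `PolicyArn` and `VersionId` without checking that they are present; the create handler's opening lines sit above this hunk.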
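Review bot: All three version templates render a fixed `2012-05-09T15:45:35Z` creation date even though `PolicyVersion` records `create_datetime`, and they print `{{ policy_version.is_default }}` directly, which for a Python bool produces `True`/`False` rather than the lower-case `true`/`false` an XML boolean uses. Code under test that ages out old policy versions or checks which version is the default would therefore read constant or misparsed values from the mock. Rendering the stored timestamp and a lower-cased flag, e.g. `{{ policy_version.is_default | lower }}`, would close both gaps; the exact date format is for the author to confirm. `{{ policy_version.document }}` is also interpolated as-is, so whether a document containing `&` or `<` yields well-formed XML depends on the template environment's escaping, which this diff does not show.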
@@ -196,6 +196,83 @@ def test_update_assume_role_policy(): role.assume_role_policy_document.should.equal("my-policy") +@mock_iam +def test_create_policy_versions(): + conn = boto3.client('iam', region_name='us-east-1') + with assert_raises(ClientError): + conn.create_policy_version( + PolicyArn="arn:aws:iam::aws:policy/TestCreatePolicyVersion", + PolicyDocument='{"some":"policy"}') + conn.create_policy( + PolicyName="TestCreatePolicyVersion", + PolicyDocument='{"some":"policy"}') + version = conn.create_policy_version( + PolicyArn="arn:aws:iam::aws:policy/TestCreatePolicyVersion", + PolicyDocument='{"some":"policy"}') + version.get('PolicyVersion').get('Document').should.equal({'some': 'policy'}) + + +@mock_iam +def test_get_policy_version(): + conn = boto3.client('iam', region_name='us-east-1') + conn.create_policy( + PolicyName="TestGetPolicyVersion", + PolicyDocument='{"some":"policy"}') + version = conn.create_policy_version( + PolicyArn="arn:aws:iam::aws:policy/TestGetPolicyVersion", + PolicyDocument='{"some":"policy"}') + with assert_raises(ClientError): + conn.get_policy_version( + PolicyArn="arn:aws:iam::aws:policy/TestGetPolicyVersion", + VersionId='v2-does-not-exist') + retrieved = conn.get_policy_version( + PolicyArn="arn:aws:iam::aws:policy/TestGetPolicyVersion", + VersionId=version.get('PolicyVersion').get('VersionId')) + retrieved.get('PolicyVersion').get('Document').should.equal({'some': 'policy'}) + + +@mock_iam +def test_list_policy_versions(): + conn = boto3.client('iam', region_name='us-east-1') + with assert_raises(ClientError): + versions = conn.list_policy_versions( + PolicyArn="arn:aws:iam::aws:policy/TestListPolicyVersions") + conn.create_policy( + PolicyName="TestListPolicyVersions", + PolicyDocument='{"some":"policy"}') + conn.create_policy_version( + PolicyArn="arn:aws:iam::aws:policy/TestListPolicyVersions", + PolicyDocument='{"first":"policy"}') + conn.create_policy_version( + PolicyArn="arn:aws:iam::aws:policy/TestListPolicyVersions", 
+ PolicyDocument='{"second":"policy"}') + versions = conn.list_policy_versions( + PolicyArn="arn:aws:iam::aws:policy/TestListPolicyVersions") + versions.get('Versions')[0].get('Document').should.equal({'first': 'policy'}) + versions.get('Versions')[1].get('Document').should.equal({'second': 'policy'}) + + +@mock_iam +def test_delete_policy_version(): + conn = boto3.client('iam', region_name='us-east-1') + conn.create_policy( + PolicyName="TestDeletePolicyVersion", + PolicyDocument='{"some":"policy"}') + conn.create_policy_version( + PolicyArn="arn:aws:iam::aws:policy/TestDeletePolicyVersion", + PolicyDocument='{"first":"policy"}') + with assert_raises(ClientError): + conn.delete_policy_version( + PolicyArn="arn:aws:iam::aws:policy/TestDeletePolicyVersion", + VersionId='v2-nope-this-does-not-exist') + conn.delete_policy_version( + PolicyArn="arn:aws:iam::aws:policy/TestDeletePolicyVersion", + VersionId='v1') + versions = conn.list_policy_versions( + PolicyArn="arn:aws:iam::aws:policy/TestDeletePolicyVersion") + len(versions.get('Versions')).should.equal(0) + + @mock_iam_deprecated() def test_create_user(): conn = boto.connect_iam() diff --git a/tests/test_sqs/test_sqs.py b/tests/test_sqs/test_sqs.py index 0df4c2dc9..f179d9f85 100644 --- a/tests/test_sqs/test_sqs.py +++ b/tests/test_sqs/test_sqs.py @@ -392,7 +392,7 @@ def test_delete_message(): @mock_sqs_deprecated def test_send_batch_operation(): conn = boto.connect_sqs('the_key', 'the_secret') - queue = conn.create_queue("test-queue", visibility_timeout=60) + queue = conn.create_queue("test-queue", visibility_timeout=3) # See https://github.com/boto/boto/issues/831 queue.set_message_class(RawMessage)
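Review bot: None of the four new tests asserts `VersionId` or `IsDefaultVersion`, so they cannot notice that the `PolicyVersion` constructor shown in the models.py hunk assigns `self.version_id = 'v1'` to every instance. In `test_list_policy_versions` both created versions would carry the same id, and `get_policy_version` / `delete_policy_version` would only ever reach the first match. Adding `versions.get('Versions')[1].get('VersionId').should.equal('v2')` after the list call (expected to fail until ids are generated per policy), plus a `SetAsDefault=True` case that checks the default flag, would pin the behaviour that version-management code depends on. The `versions =` assignment inside the `assert_raises` block of that test is unused and can be dropped.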