From 422bca8e9018694d2e201944a422bb70b1855f95 Mon Sep 17 00:00:00 2001 From: Bert Blommers Date: Mon, 11 Nov 2019 08:21:42 +0000 Subject: [PATCH 1/3] IAM - Add Validation on duplicate role names --- moto/iam/models.py | 4 ++++ tests/test_iam/test_iam.py | 21 +++++++++++++++++++++ 2 files changed, 25 insertions(+) diff --git a/moto/iam/models.py b/moto/iam/models.py index b64c9402f..3e744f6a7 100644 --- a/moto/iam/models.py +++ b/moto/iam/models.py @@ -898,6 +898,10 @@ class IAMBackend(BaseBackend): permissions_boundary ), ) + if [role for role in self.get_roles() if role.name == role_name]: + raise EntityAlreadyExists( + "Role with name {0} already exists.".format(role_name) + ) clean_tags = self._tag_verification(tags) role = Role( diff --git a/tests/test_iam/test_iam.py b/tests/test_iam/test_iam.py index c5e856b68..5146f891c 100644 --- a/tests/test_iam/test_iam.py +++ b/tests/test_iam/test_iam.py @@ -18,6 +18,7 @@ from nose.tools import raises from datetime import datetime from tests.helpers import requires_boto_gte +from uuid import uuid4 MOCK_CERT = """-----BEGIN CERTIFICATE----- 
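Review bot: The duplicate-name check builds a full list of matching roles only to test its truthiness; `if any(role.name == role_name for role in self.get_roles()):` states the intent directly and stops at the first match. AWS's IAM identifier documentation describes names as not distinguished by case, so an exact `==` comparison would accept `Admin` alongside `admin` where the real service rejects it; worth confirming, and if so compare with `role.name.lower() == role_name.lower()`. The enclosing `create_role` starts before this hunk, so whether `role_name` was already validated against the IAM name pattern is not visible here.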
@@ -2050,6 +2051,26 @@ def test_create_role_with_permissions_boundary(): conn.list_roles().get("Roles")[0].get("PermissionsBoundary").should.equal(expected) +@mock_iam +def test_create_role_with_same_name_should_fail(): + iam = boto3.client("iam", region_name="us-east-1") + test_role_name = str(uuid4()) + iam.create_role( + RoleName=test_role_name, AssumeRolePolicyDocument="policy", Description="test" + ) + # Create the role again, and verify that it fails + with assert_raises(ClientError) as err: + iam.create_role( + RoleName=test_role_name, + AssumeRolePolicyDocument="policy", + Description="test", + ) + err.exception.response["Error"]["Code"].should.equal("EntityAlreadyExists") + err.exception.response["Error"]["Message"].should.equal( + "Role with name {0} already exists.".format(test_role_name) + ) + + @mock_iam def test_create_open_id_connect_provider(): client = boto3.client("iam", region_name="us-east-1") From 85570f0abed30c0a74eee9de36f07aad3c21c19b Mon Sep 17 00:00:00 2001 From: Bert Blommers Date: Mon, 11 Nov 2019 09:14:22 +0000 Subject: [PATCH 2/3] IAM - Add Validation on duplicate policy names --- moto/iam/models.py | 2 +- tests/test_iam/test_iam.py | 16 ++++++++++++++++ 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/moto/iam/models.py b/moto/iam/models.py index 3e744f6a7..df4fa987c 100644 --- a/moto/iam/models.py +++ b/moto/iam/models.py @@ -820,7 +820,7 @@ class IAMBackend(BaseBackend): ) if policy.arn in self.managed_policies: raise EntityAlreadyExists( - "A policy called {} already exists. Duplicate names are not allowed.".format( + "A policy called {0} already exists. Duplicate names are not allowed.".format( policy_name ) ) diff --git a/tests/test_iam/test_iam.py b/tests/test_iam/test_iam.py index 5146f891c..61b0d534c 100644 --- a/tests/test_iam/test_iam.py +++ b/tests/test_iam/test_iam.py 
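Review bot: The test shows the second `create_role` raises, but not that the rejected call left the first role intact, which is the property the backend change is meant to guarantee. After the `with` block add `[r for r in iam.list_roles()["Roles"] if r["RoleName"] == test_role_name].should.have.length_of(1)`. Passing a different `Description` on the second call and asserting the original value afterwards would additionally show the existing role was not overwritten, provided this backend returns `Description` from `list_roles` or `get_role`.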
@@ -2071,6 +2071,22 @@ def test_create_role_with_same_name_should_fail(): ) +@mock_iam +def test_create_policy_with_same_name_should_fail(): + iam = boto3.client("iam", region_name="us-east-1") + test_policy_name = str(uuid4()) + policy = iam.create_policy(PolicyName=test_policy_name, PolicyDocument=MOCK_POLICY) + # Create the role again, and verify that it fails + with assert_raises(ClientError) as err: + iam.create_policy(PolicyName=test_policy_name, PolicyDocument=MOCK_POLICY) + err.exception.response["Error"]["Code"].should.equal("EntityAlreadyExists") + err.exception.response["Error"]["Message"].should.equal( + "A policy called {0} already exists. Duplicate names are not allowed.".format( + test_policy_name + ) + ) + + @mock_iam def test_create_open_id_connect_provider(): client = boto3.client("iam", region_name="us-east-1") From e025ccfd0684648043eb96c9c4db72f12678f79b Mon Sep 17 00:00:00 2001 From: Bert Blommers Date: Mon, 11 Nov 2019 09:27:01 +0000 Subject: [PATCH 3/3] Ensure IAM Policy names are unique in tests --- tests/test_core/test_auth.py | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/tests/test_core/test_auth.py b/tests/test_core/test_auth.py index c5e043ae5..60d15cf51 100644 --- a/tests/test_core/test_auth.py +++ b/tests/test_core/test_auth.py @@ -11,6 +11,7 @@ from nose.tools import assert_raises from moto import mock_iam, mock_ec2, mock_s3, mock_sts, mock_elbv2, mock_rds2 from moto.core import set_initial_no_auth_action_count from moto.iam.models import ACCOUNT_ID +from uuid import uuid4 @mock_iam 
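Review bot: `policy` is assigned from the first `create_policy` call and never read, and the comment beneath it is copied from the role test ("Create the role again"). Drop the binding, `iam.create_policy(PolicyName=test_policy_name, PolicyDocument=MOCK_POLICY)`, and make the comment `# Create the policy again, and verify that it fails`. As with the role test, asserting afterwards that `iam.list_policies(Scope="Local")["Policies"]` still holds exactly one entry with that name would show the rejected call did not replace the existing policy, assuming this backend supports `list_policies` with `Scope`.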
@@ -71,8 +72,10 @@ def create_user_with_access_key_and_multiple_policies( def create_group_with_attached_policy_and_add_user( - user_name, policy_document, group_name="test-group", policy_name="policy1" + user_name, policy_document, group_name="test-group", policy_name=None ): + if not policy_name: + policy_name = str(uuid4()) client = boto3.client("iam", region_name="us-east-1") client.create_group(GroupName=group_name) policy_arn = client.create_policy( @@ -101,8 +104,10 @@ def create_group_with_multiple_policies_and_add_user( attached_policy_document, group_name="test-group", inline_policy_name="policy1", - attached_policy_name="policy1", + attached_policy_name=None, ): + if not attached_policy_name: + attached_policy_name = str(uuid4()) client = boto3.client("iam", region_name="us-east-1") client.create_group(GroupName=group_name) client.put_group_policy(
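Review bot: `if not policy_name:` treats an explicitly passed empty string the same as the omitted default; `if policy_name is None:` is the idiomatic sentinel check and matches the new `None` default, and the same applies to `attached_policy_name` in the second hunk. A one-line docstring on both helpers, such as "policy_name defaults to a fresh uuid4 so managed-policy names stay unique across tests now that duplicate names are rejected", would record why the fixed `"policy1"` default was dropped. `inline_policy_name` keeps its `"policy1"` default; inline group policies are scoped to the group rather than the account, so that is presumably still safe, but worth confirming against the backend's uniqueness check.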