Merge pull request #2552 from bblommers/IAM-role-name-validation
IAM - Validate duplicate role names
This commit is contained in:
Mike Grima
GitHub
commit
9a30b8e8d5
@ -820,7 +820,7 @@ class IAMBackend(BaseBackend):
|
|||||||
)
|
)
|
||||||
if policy.arn in self.managed_policies:
|
if policy.arn in self.managed_policies:
|
||||||
raise EntityAlreadyExists(
|
raise EntityAlreadyExists(
|
||||||
"A policy called {} already exists. Duplicate names are not allowed.".format(
|
"A policy called {0} already exists. Duplicate names are not allowed.".format(
|
||||||
policy_name
|
policy_name
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
@ -898,6 +898,10 @@ class IAMBackend(BaseBackend):
|
|||||||
permissions_boundary
|
permissions_boundary
|
||||||
),
|
),
|
||||||
)
|
)
|
||||||
|
if [role for role in self.get_roles() if role.name == role_name]:
|
||||||
|
raise EntityAlreadyExists(
|
||||||
|
"Role with name {0} already exists.".format(role_name)
|
||||||
|
)
|
||||||
|
|
||||||
clean_tags = self._tag_verification(tags)
|
clean_tags = self._tag_verification(tags)
|
||||||
role = Role(
|
role = Role(
|
||||||
|
|||||||
@ -11,6 +11,7 @@ from nose.tools import assert_raises
|
|||||||
from moto import mock_iam, mock_ec2, mock_s3, mock_sts, mock_elbv2, mock_rds2
|
from moto import mock_iam, mock_ec2, mock_s3, mock_sts, mock_elbv2, mock_rds2
|
||||||
from moto.core import set_initial_no_auth_action_count
|
from moto.core import set_initial_no_auth_action_count
|
||||||
from moto.iam.models import ACCOUNT_ID
|
from moto.iam.models import ACCOUNT_ID
|
||||||
|
from uuid import uuid4
|
||||||
|
|
||||||
|
|
||||||
@mock_iam
|
@mock_iam
|
||||||
@ -71,8 +72,10 @@ def create_user_with_access_key_and_multiple_policies(
|
|||||||
|
|
||||||
|
|
||||||
def create_group_with_attached_policy_and_add_user(
|
def create_group_with_attached_policy_and_add_user(
|
||||||
user_name, policy_document, group_name="test-group", policy_name="policy1"
|
user_name, policy_document, group_name="test-group", policy_name=None
|
||||||
):
|
):
|
||||||
|
if not policy_name:
|
||||||
|
policy_name = str(uuid4())
|
||||||
client = boto3.client("iam", region_name="us-east-1")
|
client = boto3.client("iam", region_name="us-east-1")
|
||||||
client.create_group(GroupName=group_name)
|
client.create_group(GroupName=group_name)
|
||||||
policy_arn = client.create_policy(
|
policy_arn = client.create_policy(
|
||||||
@ -101,8 +104,10 @@ def create_group_with_multiple_policies_and_add_user(
|
|||||||
attached_policy_document,
|
attached_policy_document,
|
||||||
group_name="test-group",
|
group_name="test-group",
|
||||||
inline_policy_name="policy1",
|
inline_policy_name="policy1",
|
||||||
attached_policy_name="policy1",
|
attached_policy_name=None,
|
||||||
):
|
):
|
||||||
|
if not attached_policy_name:
|
||||||
|
attached_policy_name = str(uuid4())
|
||||||
client = boto3.client("iam", region_name="us-east-1")
|
client = boto3.client("iam", region_name="us-east-1")
|
||||||
client.create_group(GroupName=group_name)
|
client.create_group(GroupName=group_name)
|
||||||
client.put_group_policy(
|
client.put_group_policy(
|
||||||
|
|||||||
@ -18,6 +18,7 @@ from nose.tools import raises
|
|||||||
|
|
||||||
from datetime import datetime
|
from datetime import datetime
|
||||||
from tests.helpers import requires_boto_gte
|
from tests.helpers import requires_boto_gte
|
||||||
|
from uuid import uuid4
|
||||||
|
|
||||||
|
|
||||||
MOCK_CERT = """-----BEGIN CERTIFICATE-----
|
MOCK_CERT = """-----BEGIN CERTIFICATE-----
|
||||||
@ -2050,6 +2051,42 @@ def test_create_role_with_permissions_boundary():
|
|||||||
conn.list_roles().get("Roles")[0].get("PermissionsBoundary").should.equal(expected)
|
conn.list_roles().get("Roles")[0].get("PermissionsBoundary").should.equal(expected)
|
||||||
|
|
||||||
|
|
||||||
|
@mock_iam
|
||||||
|
def test_create_role_with_same_name_should_fail():
|
||||||
|
iam = boto3.client("iam", region_name="us-east-1")
|
||||||
|
test_role_name = str(uuid4())
|
||||||
|
iam.create_role(
|
||||||
|
RoleName=test_role_name, AssumeRolePolicyDocument="policy", Description="test"
|
||||||
|
)
|
||||||
|
# Create the role again, and verify that it fails
|
||||||
|
with assert_raises(ClientError) as err:
|
||||||
|
iam.create_role(
|
||||||
|
RoleName=test_role_name,
|
||||||
|
AssumeRolePolicyDocument="policy",
|
||||||
|
Description="test",
|
||||||
|
)
|
||||||
|
err.exception.response["Error"]["Code"].should.equal("EntityAlreadyExists")
|
||||||
|
err.exception.response["Error"]["Message"].should.equal(
|
||||||
|
"Role with name {0} already exists.".format(test_role_name)
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
|
@mock_iam
|
||||||
|
def test_create_policy_with_same_name_should_fail():
|
||||||
|
iam = boto3.client("iam", region_name="us-east-1")
|
||||||
|
test_policy_name = str(uuid4())
|
||||||
|
policy = iam.create_policy(PolicyName=test_policy_name, PolicyDocument=MOCK_POLICY)
|
||||||
|
# Create the role again, and verify that it fails
|
||||||
|
with assert_raises(ClientError) as err:
|
||||||
|
iam.create_policy(PolicyName=test_policy_name, PolicyDocument=MOCK_POLICY)
|
||||||
|
err.exception.response["Error"]["Code"].should.equal("EntityAlreadyExists")
|
||||||
|
err.exception.response["Error"]["Message"].should.equal(
|
||||||
|
"A policy called {0} already exists. Duplicate names are not allowed.".format(
|
||||||
|
test_policy_name
|
||||||
|
)
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
@mock_iam
|
@mock_iam
|
||||||
def test_create_open_id_connect_provider():
|
def test_create_open_id_connect_provider():
|
||||||
client = boto3.client("iam", region_name="us-east-1")
|
client = boto3.client("iam", region_name="us-east-1")
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user