diff --git a/tests/test_iam/test_iam.py b/tests/test_iam/test_iam.py index 3d98cf53b..aeb9a5505 100644 --- a/tests/test_iam/test_iam.py +++ b/tests/test_iam/test_iam.py @@ -2,7 +2,6 @@ import json import boto3 import csv -import sure # noqa # pylint: disable=unused-import from botocore.exceptions import ClientError from moto import mock_config, mock_iam, settings @@ -93,8 +92,8 @@ def test_get_role__should_throw__when_role_does_not_exist(): with pytest.raises(ClientError) as ex: conn.get_role(RoleName="unexisting_role") err = ex.value.response["Error"] - err["Code"].should.equal("NoSuchEntity") - err["Message"].should.contain("not found") + assert err["Code"] == "NoSuchEntity" + assert "not found" in err["Message"] @mock_iam @@ -104,7 +103,7 @@ def test_get_role__should_contain_last_used(): RoleName="my-role", AssumeRolePolicyDocument="some policy", Path="/" ) role = conn.get_role(RoleName="my-role")["Role"] - role["RoleLastUsed"].should.equal({}) + assert role["RoleLastUsed"] == {} if not settings.TEST_SERVER_MODE: iam_backend = get_backend("iam")[ACCOUNT_ID]["global"] @@ -115,8 +114,8 @@ def test_get_role__should_contain_last_used(): iam_backend.roles[role["RoleId"]].last_used = last_used iam_backend.roles[role["RoleId"]].last_used_region = region roleLastUsed = conn.get_role(RoleName="my-role")["Role"]["RoleLastUsed"] - roleLastUsed["LastUsedDate"].replace(tzinfo=None).should.equal(last_used) - roleLastUsed["Region"].should.equal(region) + assert roleLastUsed["LastUsedDate"].replace(tzinfo=None) == last_used + assert roleLastUsed["Region"] == region @mock_iam @@ -125,8 +124,8 @@ def test_get_instance_profile__should_throw__when_instance_profile_does_not_exis with pytest.raises(ClientError) as ex: conn.get_instance_profile(InstanceProfileName="unexisting_instance_profile") err = ex.value.response["Error"] - err["Code"].should.equal("NoSuchEntity") - err["Message"].should.contain("not found") + assert err["Code"] == "NoSuchEntity" + assert "not found" in err["Message"] @mock_iam @@ -142,24 +141,24 @@ def test_create_role_and_instance_profile(): ) role = conn.get_role(RoleName="my-role")["Role"] - role["Path"].should.equal("/my-path/") - role["AssumeRolePolicyDocument"].should.equal("some policy") + assert role["Path"] == "/my-path/" + assert role["AssumeRolePolicyDocument"] == "some policy" profile = conn.get_instance_profile(InstanceProfileName="my-profile")[ "InstanceProfile" ] - profile["Path"].should.equal("my-path") + assert profile["Path"] == "my-path" - profile["Roles"].should.have.length_of(1) + assert len(profile["Roles"]) == 1 role_from_profile = profile["Roles"][0] - role_from_profile["RoleId"].should.equal(role["RoleId"]) - role_from_profile["RoleName"].should.equal("my-role") + assert role_from_profile["RoleId"] == role["RoleId"] + assert role_from_profile["RoleName"] == "my-role" - conn.list_roles()["Roles"][0]["RoleName"].should.equal("my-role") + assert conn.list_roles()["Roles"][0]["RoleName"] == "my-role" # Test with an empty path: profile = conn.create_instance_profile(InstanceProfileName="my-other-profile") - profile["InstanceProfile"]["Path"].should.equal("/") + assert profile["InstanceProfile"]["Path"] == "/" @mock_iam @@ -193,9 +192,10 @@ def test_create_add_additional_roles_to_instance_profile_error(): # Verify err = exc.value.response["Error"] - assert err["Code"].should.equal("LimitExceeded") - assert err["Message"].should.equal( - "Cannot exceed quota for InstanceSessionsPerInstanceProfile: 1" + assert err["Code"] == "LimitExceeded" + assert ( + err["Message"] + == "Cannot exceed quota for InstanceSessionsPerInstanceProfile: 1" ) @@ -213,7 +213,7 @@ def test_remove_role_from_instance_profile(): profile = conn.get_instance_profile(InstanceProfileName="my-profile")[ "InstanceProfile" ] - profile["Roles"].should.have.length_of(1) + assert len(profile["Roles"]) == 1 conn.remove_role_from_instance_profile( InstanceProfileName="my-profile", RoleName="my-role" @@ -222,7 +222,7 @@ def test_remove_role_from_instance_profile(): profile = conn.get_instance_profile(InstanceProfileName="my-profile")[ "InstanceProfile" ] - profile["Roles"].should.have.length_of(0) + assert len(profile["Roles"]) == 0 @mock_iam() @@ -252,7 +252,7 @@ def test_get_login_profile(): conn.create_login_profile(UserName="my-user", Password="my-pass") response = conn.get_login_profile(UserName="my-user") - response["LoginProfile"]["UserName"].should.equal("my-user") + assert response["LoginProfile"]["UserName"] == "my-user" @mock_iam() @@ -261,13 +261,13 @@ def test_update_login_profile(): conn.create_user(UserName="my-user") conn.create_login_profile(UserName="my-user", Password="my-pass") response = conn.get_login_profile(UserName="my-user") - response["LoginProfile"].get("PasswordResetRequired").should.equal(None) + assert response["LoginProfile"].get("PasswordResetRequired") is None conn.update_login_profile( UserName="my-user", Password="new-pass", PasswordResetRequired=True ) response = conn.get_login_profile(UserName="my-user") - response["LoginProfile"].get("PasswordResetRequired").should.equal(True) + assert response["LoginProfile"].get("PasswordResetRequired") is True @mock_iam() @@ -347,9 +347,9 @@ def test_list_instance_profiles(): profiles = conn.list_instance_profiles()["InstanceProfiles"] - len(profiles).should.equal(1) - profiles[0]["InstanceProfileName"].should.equal("my-profile") - profiles[0]["Roles"][0]["RoleName"].should.equal("my-role") + assert len(profiles) == 1 + assert profiles[0]["InstanceProfileName"] == "my-profile" + assert profiles[0]["Roles"][0]["RoleName"] == "my-role" @mock_iam @@ -381,14 +381,14 @@ def test_list_instance_profiles_for_role(): for profile_count in range(0, len(profile_list)): profile_name_list.remove(profile_list[profile_count]["InstanceProfileName"]) profile_path_list.remove(profile_list[profile_count]["Path"]) - profile_list[profile_count]["Roles"][0]["RoleName"].should.equal("my-role") + assert profile_list[profile_count]["Roles"][0]["RoleName"] == "my-role" - profile_name_list.should.have.length_of(0) - profile_path_list.should.have.length_of(0) + assert len(profile_name_list) == 0 + assert len(profile_path_list) == 0 profile_dump2 = conn.list_instance_profiles_for_role(RoleName="my-role2") profile_list = profile_dump2["InstanceProfiles"] - profile_list.should.have.length_of(0) + assert len(profile_list) == 0 @mock_iam @@ -402,25 +402,23 @@ def test_list_role_policies(): RoleName="my-role", PolicyName="test policy", PolicyDocument=MOCK_POLICY ) role = conn.list_role_policies(RoleName="my-role") - role["PolicyNames"].should.equal(["test policy"]) + assert role["PolicyNames"] == ["test policy"] conn.put_role_policy( RoleName="my-role", PolicyName="test policy 2", PolicyDocument=MOCK_POLICY ) role = conn.list_role_policies(RoleName="my-role") - role["PolicyNames"].should.have.length_of(2) + assert len(role["PolicyNames"]) == 2 conn.delete_role_policy(RoleName="my-role", PolicyName="test policy") role = conn.list_role_policies(RoleName="my-role") - role["PolicyNames"].should.equal(["test policy 2"]) + assert role["PolicyNames"] == ["test policy 2"] with pytest.raises(ClientError) as ex: conn.delete_role_policy(RoleName="my-role", PolicyName="test policy") err = ex.value.response["Error"] - err["Code"].should.equal("NoSuchEntity") - err["Message"].should.equal( - "The role policy with name test policy cannot be found." - ) + assert err["Code"] == "NoSuchEntity" + assert err["Message"] == "The role policy with name test policy cannot be found." @mock_iam @@ -433,8 +431,8 @@ def test_put_role_policy(): RoleName="my-role", PolicyName="test policy", PolicyDocument=MOCK_POLICY ) policy = conn.get_role_policy(RoleName="my-role", PolicyName="test policy") - policy["PolicyName"].should.equal("test policy") - policy["PolicyDocument"].should.equal(json.loads(MOCK_POLICY)) + assert policy["PolicyName"] == "test policy" + assert policy["PolicyDocument"] == json.loads(MOCK_POLICY) @mock_iam @@ -456,8 +454,8 @@ def test_update_assume_role_invalid_policy(): with pytest.raises(ClientError) as ex: conn.update_assume_role_policy(RoleName="my-role", PolicyDocument="new policy") err = ex.value.response["Error"] - err["Code"].should.equal("MalformedPolicyDocument") - err["Message"].should.contain("Syntax errors in policy.") + assert err["Code"] == "MalformedPolicyDocument" + assert "Syntax errors in policy." in err["Message"] @mock_iam @@ -469,8 +467,9 @@ def test_update_assume_role_valid_policy(): policy_document = MOCK_STS_EC2_POLICY_DOCUMENT conn.update_assume_role_policy(RoleName="my-role", PolicyDocument=policy_document) role = conn.get_role(RoleName="my-role")["Role"] - role["AssumeRolePolicyDocument"]["Statement"][0]["Action"][0].should.equal( - "sts:AssumeRole" + assert ( + role["AssumeRolePolicyDocument"]["Statement"][0]["Action"][0] + == "sts:AssumeRole" ) @@ -500,10 +499,10 @@ def test_update_assume_role_invalid_policy_bad_action(): RoleName="my-role", PolicyDocument=policy_document ) err = ex.value.response["Error"] - err["Code"].should.equal("MalformedPolicyDocument") - err["Message"].should.contain( - "Trust Policy statement actions can only be sts:AssumeRole, " - "sts:AssumeRoleWithSAML, and sts:AssumeRoleWithWebIdentity" + assert err["Code"] == "MalformedPolicyDocument" + assert ( + "Trust Policy statement actions can only be sts:AssumeRole, sts:AssumeRoleWithSAML, and sts:AssumeRoleWithWebIdentity" + in err["Message"] ) @@ -534,8 +533,8 @@ def test_update_assume_role_invalid_policy_with_resource(): RoleName="my-role", PolicyDocument=policy_document ) err = ex.value.response["Error"] - err["Code"].should.equal("MalformedPolicyDocument") - err["Message"].should.contain("Has prohibited field Resource.") + assert err["Code"] == "MalformedPolicyDocument" + assert "Has prohibited field Resource." in err["Message"] @mock_iam @@ -544,8 +543,9 @@ def test_create_policy(): response = conn.create_policy( PolicyName="TestCreatePolicy", PolicyDocument=MOCK_POLICY ) - response["Policy"]["Arn"].should.equal( - f"arn:aws:iam::{ACCOUNT_ID}:policy/TestCreatePolicy" + assert ( + response["Policy"]["Arn"] + == f"arn:aws:iam::{ACCOUNT_ID}:policy/TestCreatePolicy" ) @@ -555,9 +555,9 @@ def test_create_policy_already_exists(): conn.create_policy(PolicyName="TestCreatePolicy", PolicyDocument=MOCK_POLICY) with pytest.raises(conn.exceptions.EntityAlreadyExistsException) as ex: conn.create_policy(PolicyName="TestCreatePolicy", PolicyDocument=MOCK_POLICY) - ex.value.response["Error"]["Code"].should.equal("EntityAlreadyExists") - ex.value.response["ResponseMetadata"]["HTTPStatusCode"].should.equal(409) - ex.value.response["Error"]["Message"].should.contain("TestCreatePolicy") + assert ex.value.response["Error"]["Code"] == "EntityAlreadyExists" + assert ex.value.response["ResponseMetadata"]["HTTPStatusCode"] == 409 + assert "TestCreatePolicy" in ex.value.response["Error"]["Message"] @mock_iam @@ -566,11 +566,11 @@ def test_delete_policy(): response = conn.create_policy( PolicyName="TestCreatePolicy", PolicyDocument=MOCK_POLICY ) - [ + assert [ pol["PolicyName"] for pol in conn.list_policies(Scope="Local")["Policies"] - ].should.equal(["TestCreatePolicy"]) + ] == ["TestCreatePolicy"] conn.delete_policy(PolicyArn=response["Policy"]["Arn"]) - assert conn.list_policies(Scope="Local")["Policies"].should.be.empty + assert conn.list_policies(Scope="Local")["Policies"] == [] @mock_iam @@ -587,9 +587,9 @@ def test_create_policy_versions(): PolicyDocument=MOCK_POLICY, SetAsDefault=True, ) - version.get("PolicyVersion").get("Document").should.equal(json.loads(MOCK_POLICY)) - version.get("PolicyVersion").get("VersionId").should.equal("v2") - version.get("PolicyVersion").get("IsDefaultVersion").should.be.ok + assert version.get("PolicyVersion")["Document"] == json.loads(MOCK_POLICY) + assert version.get("PolicyVersion")["VersionId"] == "v2" + assert version.get("PolicyVersion")["IsDefaultVersion"] is True conn.delete_policy_version( PolicyArn=f"arn:aws:iam::{ACCOUNT_ID}:policy/TestCreatePolicyVersion", VersionId="v1", @@ -598,8 +598,8 @@ def test_create_policy_versions(): PolicyArn=f"arn:aws:iam::{ACCOUNT_ID}:policy/TestCreatePolicyVersion", PolicyDocument=MOCK_POLICY, ) - version.get("PolicyVersion").get("VersionId").should.equal("v3") - version.get("PolicyVersion").get("IsDefaultVersion").shouldnt.be.ok + assert version.get("PolicyVersion")["VersionId"] == "v3" + assert version.get("PolicyVersion")["IsDefaultVersion"] is False @mock_iam @@ -639,12 +639,12 @@ def test_set_default_policy_version(): versions = conn.list_policy_versions( PolicyArn=f"arn:aws:iam::{ACCOUNT_ID}:policy/TestSetDefaultPolicyVersion" ) - versions.get("Versions")[0].get("Document").should.equal(json.loads(MOCK_POLICY)) - versions.get("Versions")[0].get("IsDefaultVersion").shouldnt.be.ok - versions.get("Versions")[1].get("Document").should.equal(json.loads(MOCK_POLICY_2)) - versions.get("Versions")[1].get("IsDefaultVersion").shouldnt.be.ok - versions.get("Versions")[2].get("Document").should.equal(json.loads(MOCK_POLICY_3)) - versions.get("Versions")[2].get("IsDefaultVersion").should.be.ok + assert versions["Versions"][0]["Document"] == json.loads(MOCK_POLICY) + assert versions["Versions"][0]["IsDefaultVersion"] is False + assert versions["Versions"][1]["Document"] == json.loads(MOCK_POLICY_2) + assert versions["Versions"][1]["IsDefaultVersion"] is False + assert versions["Versions"][2]["Document"] == json.loads(MOCK_POLICY_3) + assert versions["Versions"][2]["IsDefaultVersion"] is True conn.set_default_policy_version( PolicyArn=f"arn:aws:iam::{ACCOUNT_ID}:policy/TestSetDefaultPolicyVersion", @@ -653,38 +653,47 @@ def test_set_default_policy_version(): versions = conn.list_policy_versions( PolicyArn=f"arn:aws:iam::{ACCOUNT_ID}:policy/TestSetDefaultPolicyVersion" ) - versions.get("Versions")[0].get("Document").should.equal(json.loads(MOCK_POLICY)) - versions.get("Versions")[0].get("IsDefaultVersion").should.be.ok - versions.get("Versions")[1].get("Document").should.equal(json.loads(MOCK_POLICY_2)) - versions.get("Versions")[1].get("IsDefaultVersion").shouldnt.be.ok - versions.get("Versions")[2].get("Document").should.equal(json.loads(MOCK_POLICY_3)) - versions.get("Versions")[2].get("IsDefaultVersion").shouldnt.be.ok + assert versions["Versions"][0]["Document"] == json.loads(MOCK_POLICY) + assert versions["Versions"][0]["IsDefaultVersion"] is True + assert versions["Versions"][1]["Document"] == json.loads(MOCK_POLICY_2) + assert versions["Versions"][1]["IsDefaultVersion"] is False + assert versions["Versions"][2]["Document"] == json.loads(MOCK_POLICY_3) + assert versions["Versions"][2]["IsDefaultVersion"] is False # Set default version for non-existing policy - conn.set_default_policy_version.when.called_with( - PolicyArn=f"arn:aws:iam::{ACCOUNT_ID}:policy/TestNonExistingPolicy", - VersionId="v1", - ).should.throw( - ClientError, - f"Policy arn:aws:iam::{ACCOUNT_ID}:policy/TestNonExistingPolicy not found", + with pytest.raises(ClientError) as exc: + conn.set_default_policy_version( + PolicyArn=f"arn:aws:iam::{ACCOUNT_ID}:policy/TestNonExistingPolicy", + VersionId="v1", + ) + err = exc.value.response["Error"] + assert ( + err["Message"] + == f"Policy arn:aws:iam::{ACCOUNT_ID}:policy/TestNonExistingPolicy not found" ) # Set default version for incorrect version - conn.set_default_policy_version.when.called_with( - PolicyArn=f"arn:aws:iam::{ACCOUNT_ID}:policy/TestSetDefaultPolicyVersion", - VersionId="wrong_version_id", - ).should.throw( - ClientError, - r"Value 'wrong_version_id' at 'versionId' failed to satisfy constraint: Member must satisfy regular expression pattern: v[1-9][0-9]*(\.[A-Za-z0-9-]*)?", + with pytest.raises(ClientError) as exc: + conn.set_default_policy_version( + PolicyArn=f"arn:aws:iam::{ACCOUNT_ID}:policy/TestSetDefaultPolicyVersion", + VersionId="wrong_version_id", + ) + err = exc.value.response["Error"] + assert ( + err["Message"] + == r"Value 'wrong_version_id' at 'versionId' failed to satisfy constraint: Member must satisfy regular expression pattern: v[1-9][0-9]*(\.[A-Za-z0-9-]*)?" ) # Set default version for non-existing version - conn.set_default_policy_version.when.called_with( - PolicyArn=f"arn:aws:iam::{ACCOUNT_ID}:policy/TestSetDefaultPolicyVersion", - VersionId="v4", - ).should.throw( - ClientError, - f"Policy arn:aws:iam::{ACCOUNT_ID}:policy/TestSetDefaultPolicyVersion version v4 does not exist or is not attachable.", + with pytest.raises(ClientError) as exc: + conn.set_default_policy_version( + PolicyArn=f"arn:aws:iam::{ACCOUNT_ID}:policy/TestSetDefaultPolicyVersion", + VersionId="v4", + ) + err = exc.value.response["Error"] + assert ( + err["Message"] + == f"Policy arn:aws:iam::{ACCOUNT_ID}:policy/TestSetDefaultPolicyVersion version v4 does not exist or is not attachable." ) @@ -695,9 +704,7 @@ def test_get_policy(): policy = conn.get_policy( PolicyArn=f"arn:aws:iam::{ACCOUNT_ID}:policy/TestGetPolicy" ) - policy["Policy"]["Arn"].should.equal( - f"arn:aws:iam::{ACCOUNT_ID}:policy/TestGetPolicy" - ) + assert policy["Policy"]["Arn"] == f"arn:aws:iam::{ACCOUNT_ID}:policy/TestGetPolicy" @mock_iam @@ -708,9 +715,10 @@ def test_get_aws_managed_policy(): "2016-11-15T00:25:16+00:00", "%Y-%m-%dT%H:%M:%S+00:00" ) policy = conn.get_policy(PolicyArn=managed_policy_arn) - policy["Policy"]["Arn"].should.equal(managed_policy_arn) - policy["Policy"]["CreateDate"].replace(tzinfo=None).should.equal( - managed_policy_create_date + assert policy["Policy"]["Arn"] == managed_policy_arn + assert ( + policy["Policy"]["CreateDate"].replace(tzinfo=None) + == managed_policy_create_date ) @@ -729,10 +737,10 @@ def test_get_policy_version(): ) retrieved = conn.get_policy_version( PolicyArn=f"arn:aws:iam::{ACCOUNT_ID}:policy/TestGetPolicyVersion", - VersionId=version.get("PolicyVersion").get("VersionId"), + VersionId=version.get("PolicyVersion")["VersionId"], ) - retrieved.get("PolicyVersion").get("Document").should.equal(json.loads(MOCK_POLICY)) - retrieved.get("PolicyVersion").get("IsDefaultVersion").shouldnt.be.ok + assert retrieved.get("PolicyVersion")["Document"] == json.loads(MOCK_POLICY) + assert retrieved.get("PolicyVersion")["IsDefaultVersion"] is False @mock_iam @@ -749,10 +757,11 @@ def test_get_aws_managed_policy_version(): PolicyArn=managed_policy_arn, VersionId="v2-does-not-exist" ) retrieved = conn.get_policy_version(PolicyArn=managed_policy_arn, VersionId="v1") - retrieved["PolicyVersion"]["CreateDate"].replace(tzinfo=None).should.equal( - managed_policy_version_create_date + assert ( + retrieved["PolicyVersion"]["CreateDate"].replace(tzinfo=None) + == managed_policy_version_create_date ) - retrieved["PolicyVersion"]["Document"].should.be.an(dict) + assert isinstance(retrieved["PolicyVersion"]["Document"], dict) @mock_iam @@ -764,8 +773,10 @@ def test_get_aws_managed_policy_v6_version(): PolicyArn=managed_policy_arn, VersionId="v2-does-not-exist" ) retrieved = conn.get_policy_version(PolicyArn=managed_policy_arn, VersionId="v6") - retrieved["PolicyVersion"]["CreateDate"].replace(tzinfo=None).should.be.an(datetime) - retrieved["PolicyVersion"]["Document"].should.be.an(dict) + assert isinstance( + retrieved["PolicyVersion"]["CreateDate"].replace(tzinfo=None), datetime + ) + assert isinstance(retrieved["PolicyVersion"]["Document"], dict) @mock_iam @@ -779,8 +790,8 @@ def test_list_policy_versions(): versions = conn.list_policy_versions( PolicyArn=f"arn:aws:iam::{ACCOUNT_ID}:policy/TestListPolicyVersions" ) - versions.get("Versions")[0].get("VersionId").should.equal("v1") - versions.get("Versions")[0].get("IsDefaultVersion").should.be.ok + assert versions["Versions"][0]["VersionId"] == "v1" + assert versions["Versions"][0]["IsDefaultVersion"] is True conn.create_policy_version( PolicyArn=f"arn:aws:iam::{ACCOUNT_ID}:policy/TestListPolicyVersions", @@ -793,10 +804,10 @@ def test_list_policy_versions(): versions = conn.list_policy_versions( PolicyArn=f"arn:aws:iam::{ACCOUNT_ID}:policy/TestListPolicyVersions" ) - versions.get("Versions")[1].get("Document").should.equal(json.loads(MOCK_POLICY_2)) - versions.get("Versions")[1].get("IsDefaultVersion").shouldnt.be.ok - versions.get("Versions")[2].get("Document").should.equal(json.loads(MOCK_POLICY_3)) - versions.get("Versions")[2].get("IsDefaultVersion").shouldnt.be.ok + assert versions["Versions"][1]["Document"] == json.loads(MOCK_POLICY_2) + assert versions["Versions"][1]["IsDefaultVersion"] is False + assert versions["Versions"][2]["Document"] == json.loads(MOCK_POLICY_3) + assert versions["Versions"][2]["IsDefaultVersion"] is False @mock_iam @@ -819,7 +830,7 @@ def test_delete_policy_version(): versions = conn.list_policy_versions( PolicyArn=f"arn:aws:iam::{ACCOUNT_ID}:policy/TestDeletePolicyVersion" ) - len(versions.get("Versions")).should.equal(1) + assert len(versions["Versions"]) == 1 @mock_iam @@ -1374,17 +1385,17 @@ def test_untag_policy(): def test_create_user_boto(): conn = boto3.client("iam", region_name="us-east-1") u = conn.create_user(UserName="my-user")["User"] - u["Path"].should.equal("/") - u["UserName"].should.equal("my-user") - u.should.have.key("UserId") - u["Arn"].should.equal(f"arn:aws:iam::{ACCOUNT_ID}:user/my-user") - u["CreateDate"].should.be.a(datetime) + assert u["Path"] == "/" + assert u["UserName"] == "my-user" + assert "UserId" in u + assert u["Arn"] == f"arn:aws:iam::{ACCOUNT_ID}:user/my-user" + assert isinstance(u["CreateDate"], datetime) with pytest.raises(ClientError) as ex: conn.create_user(UserName="my-user") err = ex.value.response["Error"] - err["Code"].should.equal("EntityAlreadyExists") - err["Message"].should.equal("User my-user already exists") + assert err["Code"] == "EntityAlreadyExists" + assert err["Message"] == "User my-user already exists" @mock_iam @@ -1393,17 +1404,17 @@ def test_get_user(): with pytest.raises(ClientError) as ex: conn.get_user(UserName="my-user") err = ex.value.response["Error"] - err["Code"].should.equal("NoSuchEntity") - err["Message"].should.equal("The user with name my-user cannot be found.") + assert err["Code"] == "NoSuchEntity" + assert err["Message"] == "The user with name my-user cannot be found." conn.create_user(UserName="my-user") u = conn.get_user(UserName="my-user")["User"] - u["Path"].should.equal("/") - u["UserName"].should.equal("my-user") - u.should.have.key("UserId") - u["Arn"].should.equal(f"arn:aws:iam::{ACCOUNT_ID}:user/my-user") - u["CreateDate"].should.be.a(datetime) + assert u["Path"] == "/" + assert u["UserName"] == "my-user" + assert "UserId" in u + assert u["Arn"] == f"arn:aws:iam::{ACCOUNT_ID}:user/my-user" + assert isinstance(u["CreateDate"], datetime) @mock_iam() @@ -1414,7 +1425,7 @@ def test_update_user(): conn.create_user(UserName="my-user") conn.update_user(UserName="my-user", NewPath="/new-path/", NewUserName="new-user") response = conn.get_user(UserName="new-user") - response["User"].get("Path").should.equal("/new-path/") + assert response["User"]["Path"] == "/new-path/" with pytest.raises(conn.exceptions.NoSuchEntityException): conn.get_user(UserName="my-user") @@ -1424,7 +1435,7 @@ def test_get_current_user(): """If no user is specific, IAM returns the current user""" conn = boto3.client("iam", region_name="us-east-1") user = conn.get_user()["User"] - user["UserName"].should.equal("default_user") + assert user["UserName"] == "default_user" @mock_iam() @@ -1435,16 +1446,16 @@ def test_list_users(): conn.create_user(UserName="my-user") response = conn.list_users(PathPrefix=path_prefix, MaxItems=max_items) user = response["Users"][0] - user["UserName"].should.equal("my-user") - user["Path"].should.equal("/") - user["Arn"].should.equal(f"arn:aws:iam::{ACCOUNT_ID}:user/my-user") - response["IsTruncated"].should.equal(False) + assert user["UserName"] == "my-user" + assert user["Path"] == "/" + assert user["Arn"] == f"arn:aws:iam::{ACCOUNT_ID}:user/my-user" + assert response["IsTruncated"] is False conn.create_user(UserName="my-user-1", Path="myUser") response = conn.list_users(PathPrefix="my") user = response["Users"][0] - user["UserName"].should.equal("my-user-1") - user["Path"].should.equal("myUser") + assert user["UserName"] == "my-user-1" + assert user["Path"] == "myUser" @mock_iam() @@ -1458,16 +1469,16 @@ def test_user_policies(): ) policy_doc = conn.get_user_policy(UserName=user_name, PolicyName=policy_name) - policy_doc["PolicyDocument"].should.equal(json.loads(MOCK_POLICY)) + assert policy_doc["PolicyDocument"] == json.loads(MOCK_POLICY) policies = conn.list_user_policies(UserName=user_name) - len(policies["PolicyNames"]).should.equal(1) - policies["PolicyNames"][0].should.equal(policy_name) + assert len(policies["PolicyNames"]) == 1 + assert policies["PolicyNames"][0] == policy_name conn.delete_user_policy(UserName=user_name, PolicyName=policy_name) policies = conn.list_user_policies(UserName=user_name) - len(policies["PolicyNames"]).should.equal(0) + assert len(policies["PolicyNames"]) == 0 @mock_iam @@ -1476,8 +1487,8 @@ def test_create_login_profile_with_unknown_user(): with pytest.raises(ClientError) as ex: conn.create_login_profile(UserName="my-user", Password="my-pass") err = ex.value.response["Error"] - err["Code"].should.equal("NoSuchEntity") - err["Message"].should.equal("The user with name my-user cannot be found.") + assert err["Code"] == "NoSuchEntity" + assert err["Message"] == "The user with name my-user cannot be found." @mock_iam @@ -1486,8 +1497,8 @@ def test_delete_login_profile_with_unknown_user(): with pytest.raises(ClientError) as ex: conn.delete_login_profile(UserName="my-user") err = ex.value.response["Error"] - err["Code"].should.equal("NoSuchEntity") - err["Message"].should.equal("The user with name my-user cannot be found.") + assert err["Code"] == "NoSuchEntity" + assert err["Message"] == "The user with name my-user cannot be found." @mock_iam @@ -1497,8 +1508,8 @@ def test_delete_nonexistent_login_profile(): with pytest.raises(ClientError) as ex: conn.delete_login_profile(UserName="my-user") err = ex.value.response["Error"] - err["Code"].should.equal("NoSuchEntity") - err["Message"].should.equal("Login profile for my-user not found") + assert err["Code"] == "NoSuchEntity" + assert err["Message"] == "Login profile for my-user not found" @mock_iam @@ -1508,9 +1519,8 @@ def test_delete_login_profile(): conn.create_login_profile(UserName="my-user", Password="my-pass") conn.delete_login_profile(UserName="my-user") - conn.get_login_profile.when.called_with(UserName="my-user").should.throw( - ClientError - ) + with pytest.raises(ClientError): + conn.get_login_profile(UserName="my-user") @mock_iam @@ -1520,11 +1530,13 @@ def test_create_access_key(): conn.create_access_key(UserName="my-user") conn.create_user(UserName="my-user") access_key = conn.create_access_key(UserName="my-user")["AccessKey"] - ( - datetime.utcnow() - access_key["CreateDate"].replace(tzinfo=None) - ).seconds.should.be.within(0, 10) - access_key["AccessKeyId"].should.have.length_of(20) - access_key["SecretAccessKey"].should.have.length_of(40) + assert ( + 0 + <= (datetime.utcnow() - access_key["CreateDate"].replace(tzinfo=None)).seconds + < 10 + ) + assert len(access_key["AccessKeyId"]) == 20 + assert len(access_key["SecretAccessKey"]) == 40 assert access_key["AccessKeyId"].startswith("AKIA") conn = boto3.client( "iam", @@ -1533,11 +1545,13 @@ def test_create_access_key(): aws_secret_access_key=access_key["SecretAccessKey"], ) access_key = conn.create_access_key()["AccessKey"] - ( - datetime.utcnow() - access_key["CreateDate"].replace(tzinfo=None) - ).seconds.should.be.within(0, 10) - access_key["AccessKeyId"].should.have.length_of(20) - access_key["SecretAccessKey"].should.have.length_of(40) + assert ( + 0 + <= (datetime.utcnow() - access_key["CreateDate"].replace(tzinfo=None)).seconds + < 10 + ) + assert len(access_key["AccessKeyId"]) == 20 + assert len(access_key["SecretAccessKey"]) == 40 assert access_key["AccessKeyId"].startswith("AKIA") @@ -1553,8 +1567,8 @@ def test_limit_access_key_per_user(): conn.create_access_key(UserName=user_name) err = ex.value.response["Error"] - err["Code"].should.equal("LimitExceeded") - err["Message"].should.equal("Cannot exceed quota for AccessKeysPerUser: 2") + assert err["Code"] == "LimitExceeded" + assert err["Message"] == "Cannot exceed quota for AccessKeysPerUser: 2" @mock_iam @@ -1605,12 +1619,12 @@ def test_mfa_devices(): # Test list mfa devices response = conn.list_mfa_devices(UserName="my-user") device = response["MFADevices"][0] - device["SerialNumber"].should.equal("123456789") + assert device["SerialNumber"] == "123456789" # Test deactivate mfa device conn.deactivate_mfa_device(UserName="my-user", SerialNumber="123456789") response = conn.list_mfa_devices(UserName="my-user") - len(response["MFADevices"]).should.equal(0) + assert len(response["MFADevices"]) == 0 @mock_iam @@ -1619,30 +1633,28 @@ def test_create_virtual_mfa_device(): response = client.create_virtual_mfa_device(VirtualMFADeviceName="test-device") device = response["VirtualMFADevice"] - device["SerialNumber"].should.equal(f"arn:aws:iam::{ACCOUNT_ID}:mfa/test-device") - device["Base32StringSeed"].decode("ascii").should.match("[A-Z234567]") - device["QRCodePNG"].should_not.equal("") + assert device["SerialNumber"] == f"arn:aws:iam::{ACCOUNT_ID}:mfa/test-device" + device["Base32StringSeed"].decode("ascii") + assert device["QRCodePNG"] != "" response = client.create_virtual_mfa_device( Path="/", VirtualMFADeviceName="test-device-2" ) device = response["VirtualMFADevice"] - device["SerialNumber"].should.equal(f"arn:aws:iam::{ACCOUNT_ID}:mfa/test-device-2") - device["Base32StringSeed"].decode("ascii").should.match("[A-Z234567]") - device["QRCodePNG"].should_not.equal("") + assert device["SerialNumber"] == f"arn:aws:iam::{ACCOUNT_ID}:mfa/test-device-2" + device["Base32StringSeed"].decode("ascii") + assert device["QRCodePNG"] != "" response = client.create_virtual_mfa_device( Path="/test/", VirtualMFADeviceName="test-device" ) device = response["VirtualMFADevice"] - device["SerialNumber"].should.equal( - f"arn:aws:iam::{ACCOUNT_ID}:mfa/test/test-device" - ) - device["Base32StringSeed"].decode("ascii").should.match("[A-Z234567]") - device["QRCodePNG"].should_not.equal("") - device["QRCodePNG"].should.be.a(bytes) + assert device["SerialNumber"] == f"arn:aws:iam::{ACCOUNT_ID}:mfa/test/test-device" + device["Base32StringSeed"].decode("ascii") + assert device["QRCodePNG"] != "" + assert isinstance(device["QRCodePNG"], bytes) @mock_iam @@ -1650,36 +1662,42 @@ def test_create_virtual_mfa_device_errors(): client = boto3.client("iam", region_name="us-east-1") client.create_virtual_mfa_device(VirtualMFADeviceName="test-device") - client.create_virtual_mfa_device.when.called_with( - VirtualMFADeviceName="test-device" - ).should.throw( - ClientError, "MFADevice entity at the same path and name already exists." + with pytest.raises(ClientError) as exc: + client.create_virtual_mfa_device(VirtualMFADeviceName="test-device") + err = exc.value.response["Error"] + assert ( + err["Message"] == "MFADevice entity at the same path and name already exists." ) - client.create_virtual_mfa_device.when.called_with( - Path="test", VirtualMFADeviceName="test-device" - ).should.throw( - ClientError, - "The specified value for path is invalid. " - "It must begin and end with / and contain only alphanumeric characters and/or / characters.", + with pytest.raises(ClientError) as exc: + client.create_virtual_mfa_device( + Path="test", VirtualMFADeviceName="test-device" + ) + err = exc.value.response["Error"] + assert ( + err["Message"] + == "The specified value for path is invalid. It must begin and end with / and contain only alphanumeric characters and/or / characters." ) - client.create_virtual_mfa_device.when.called_with( - Path="/test//test/", VirtualMFADeviceName="test-device" - ).should.throw( - ClientError, - "The specified value for path is invalid. " - "It must begin and end with / and contain only alphanumeric characters and/or / characters.", + with pytest.raises(ClientError) as exc: + client.create_virtual_mfa_device( + Path="/test//test/", VirtualMFADeviceName="test-device" + ) + err = exc.value.response["Error"] + assert ( + err["Message"] + == "The specified value for path is invalid. It must begin and end with / and contain only alphanumeric characters and/or / characters." ) too_long_path = f"/{('b' * 511)}/" - client.create_virtual_mfa_device.when.called_with( - Path=too_long_path, VirtualMFADeviceName="test-device" - ).should.throw( - ClientError, - "1 validation error detected: " - 'Value "{}" at "path" failed to satisfy constraint: ' - "Member must have length less than or equal to 512", + with pytest.raises(ClientError) as exc: + client.create_virtual_mfa_device( + Path=too_long_path, VirtualMFADeviceName="test-device" + ) + err = exc.value.response["Error"] + assert ( + err["Message"] + == '1 validation error detected: Value "{}" at "path" failed to satisfy constraint: Member must have length less than or equal to 512' ) @@ -1693,8 +1711,8 @@ def test_delete_virtual_mfa_device(): response = client.list_virtual_mfa_devices() - response["VirtualMFADevices"].should.have.length_of(0) - response["IsTruncated"].should.equal(False) + assert len(response["VirtualMFADevices"]) == 0 + assert response["IsTruncated"] is False @mock_iam @@ -1702,11 +1720,12 @@ def test_delete_virtual_mfa_device_errors(): client = boto3.client("iam", region_name="us-east-1") serial_number = f"arn:aws:iam::{ACCOUNT_ID}:mfa/not-existing" - client.delete_virtual_mfa_device.when.called_with( - SerialNumber=serial_number - ).should.throw( - ClientError, - f"VirtualMFADevice with serial number {serial_number} doesn't exist.", + with pytest.raises(ClientError) as exc: + client.delete_virtual_mfa_device(SerialNumber=serial_number) + err = exc.value.response["Error"] + assert ( + err["Message"] + == f"VirtualMFADevice with serial number {serial_number} doesn't exist." ) @@ -1723,35 +1742,37 @@ def test_list_virtual_mfa_devices(): response = client.list_virtual_mfa_devices() - response["VirtualMFADevices"].should.equal( - [{"SerialNumber": serial_number_1}, {"SerialNumber": serial_number_2}] - ) - response["IsTruncated"].should.equal(False) + assert response["VirtualMFADevices"] == [ + {"SerialNumber": serial_number_1}, + {"SerialNumber": serial_number_2}, + ] + assert response["IsTruncated"] is False response = client.list_virtual_mfa_devices(AssignmentStatus="Assigned") - response["VirtualMFADevices"].should.have.length_of(0) - response["IsTruncated"].should.equal(False) + assert len(response["VirtualMFADevices"]) == 0 + assert response["IsTruncated"] is False response = client.list_virtual_mfa_devices(AssignmentStatus="Unassigned") - response["VirtualMFADevices"].should.equal( - [{"SerialNumber": serial_number_1}, {"SerialNumber": serial_number_2}] - ) - response["IsTruncated"].should.equal(False) + assert response["VirtualMFADevices"] == [ + {"SerialNumber": serial_number_1}, + {"SerialNumber": serial_number_2}, + ] + assert response["IsTruncated"] is False response = client.list_virtual_mfa_devices(AssignmentStatus="Any", MaxItems=1) - response["VirtualMFADevices"].should.equal([{"SerialNumber": serial_number_1}]) - response["IsTruncated"].should.equal(True) - response["Marker"].should.equal("1") + assert response["VirtualMFADevices"] == [{"SerialNumber": serial_number_1}] + assert response["IsTruncated"] is True + assert response["Marker"] == "1" response = client.list_virtual_mfa_devices( AssignmentStatus="Any", Marker=response["Marker"] ) - response["VirtualMFADevices"].should.equal([{"SerialNumber": serial_number_2}]) - response["IsTruncated"].should.equal(False) + assert response["VirtualMFADevices"] == [{"SerialNumber": serial_number_2}] + assert response["IsTruncated"] is False @mock_iam @@ -1759,9 +1780,10 @@ def test_list_virtual_mfa_devices_errors(): client = boto3.client("iam", region_name="us-east-1") client.create_virtual_mfa_device(VirtualMFADeviceName="test-device") - client.list_virtual_mfa_devices.when.called_with(Marker="100").should.throw( - ClientError, "Invalid Marker." - ) + with pytest.raises(ClientError) as exc: + client.list_virtual_mfa_devices(Marker="100") + err = exc.value.response["Error"] + assert err["Message"] == "Invalid Marker." @mock_iam @@ -1781,33 +1803,32 @@ def test_enable_virtual_mfa_device(): response = client.list_virtual_mfa_devices(AssignmentStatus="Unassigned") - response["VirtualMFADevices"].should.have.length_of(0) - response["IsTruncated"].should.equal(False) + assert len(response["VirtualMFADevices"]) == 0 + assert response["IsTruncated"] is False response = client.list_virtual_mfa_devices(AssignmentStatus="Assigned") device = response["VirtualMFADevices"][0] - device["SerialNumber"].should.equal(serial_number) - device["User"]["Path"].should.equal("/") - device["User"]["UserName"].should.equal("test-user") - device["User"]["UserId"].should.match("[a-z0-9]+") - device["User"]["Arn"].should.equal(f"arn:aws:iam::{ACCOUNT_ID}:user/test-user") - device["User"]["CreateDate"].should.be.a(datetime) - device["User"]["Tags"].should.equal(tags) - device["EnableDate"].should.be.a(datetime) - response["IsTruncated"].should.equal(False) + assert device["SerialNumber"] == serial_number + assert device["User"]["Path"] == "/" + assert device["User"]["UserName"] == "test-user" + assert device["User"]["Arn"] == f"arn:aws:iam::{ACCOUNT_ID}:user/test-user" + assert isinstance(device["User"]["CreateDate"], datetime) + assert device["User"]["Tags"] == tags + assert isinstance(device["EnableDate"], datetime) + assert response["IsTruncated"] is False client.deactivate_mfa_device(UserName="test-user", SerialNumber=serial_number) response = client.list_virtual_mfa_devices(AssignmentStatus="Assigned") - response["VirtualMFADevices"].should.have.length_of(0) - response["IsTruncated"].should.equal(False) + assert len(response["VirtualMFADevices"]) == 0 + assert response["IsTruncated"] is False response = client.list_virtual_mfa_devices(AssignmentStatus="Unassigned") - response["VirtualMFADevices"].should.equal([{"SerialNumber": serial_number}]) - response["IsTruncated"].should.equal(False) + assert response["VirtualMFADevices"] == [{"SerialNumber": serial_number}] + assert response["IsTruncated"] is False @mock_iam() @@ -1853,9 +1874,9 @@ def test_delete_user(): def test_generate_credential_report(): conn = boto3.client("iam", region_name="us-east-1") result = conn.generate_credential_report() - result["State"].should.equal("STARTED") + assert result["State"] == "STARTED" result = conn.generate_credential_report() - result["State"].should.equal("COMPLETE") + assert result["State"] == "COMPLETE" @mock_iam @@ -1869,7 +1890,7 @@ def test_get_credential_report(): result = conn.generate_credential_report() result = conn.get_credential_report() report = result["Content"].decode("utf-8") - report.should.match(r".*my-user.*") + assert "my-user" in report @mock_iam @@ -1896,22 +1917,23 @@ def test_get_credential_report_content(): result = conn.get_credential_report() report = result["Content"].decode("utf-8") header = report.split("\n")[0] - header.should.equal( - "user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_1_last_used_region,access_key_1_last_used_service,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date,access_key_2_last_used_region,access_key_2_last_used_service,cert_1_active,cert_1_last_rotated,cert_2_active,cert_2_last_rotated" + assert ( + header + == "user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_1_last_used_region,access_key_1_last_used_service,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date,access_key_2_last_used_region,access_key_2_last_used_service,cert_1_active,cert_1_last_rotated,cert_2_active,cert_2_last_rotated" ) report_dict = csv.DictReader(report.split("\n")) user = next(report_dict) - user["user"].should.equal("my-user") - user["access_key_1_active"].should.equal("false") - user["access_key_1_last_rotated"].should.match(timestamp.strftime("%Y-%m-%d")) - user["access_key_1_last_used_date"].should.equal("N/A") - user["access_key_2_active"].should.equal("true") + assert user["user"] == "my-user" + assert user["access_key_1_active"] == "false" + assert timestamp.strftime("%Y-%m-%d") in user["access_key_1_last_rotated"] + assert user["access_key_1_last_used_date"] == "N/A" + assert user["access_key_2_active"] == "true" if not settings.TEST_SERVER_MODE: - user["access_key_2_last_used_date"].should.match(timestamp.strftime("%Y-%m-%d")) - user["password_last_used"].should.match(timestamp.strftime("%Y-%m-%d")) + assert timestamp.strftime("%Y-%m-%d") in user["access_key_2_last_used_date"] + assert timestamp.strftime("%Y-%m-%d") in user["password_last_used"] else: - user["access_key_2_last_used_date"].should.equal("N/A") - user["password_last_used"].should.equal("no_information") + assert user["access_key_2_last_used_date"] == "N/A" + assert user["password_last_used"] == "no_information" @mock_iam @@ -1935,9 +1957,9 @@ def test_get_access_key_last_used_when_used(): resp = client.get_access_key_last_used( AccessKeyId=create_key_response["AccessKeyId"] ) - resp["AccessKeyLastUsed"].should.have.key("LastUsedDate") - resp["AccessKeyLastUsed"].should.have.key("ServiceName").equals("iam") - resp["AccessKeyLastUsed"].should.have.key("Region").equals("us-east-1") + assert "LastUsedDate" in resp["AccessKeyLastUsed"] + assert resp["AccessKeyLastUsed"]["ServiceName"] == "iam" + assert resp["AccessKeyLastUsed"]["Region"] == "us-east-1" @mock_iam @@ -1959,12 +1981,12 @@ def test_managed_policy(): aws_policies.append(policy) marker = response.get("Marker") aws_managed_policies = iam_backends[ACCOUNT_ID]["global"].aws_managed_policies - set(p.name for p in aws_managed_policies).should.equal( - set(p["PolicyName"] for p in aws_policies) + assert set(p.name for p in aws_managed_policies) == set( + p["PolicyName"] for p in aws_policies ) user_policies = conn.list_policies(Scope="Local")["Policies"] - set(["UserManagedPolicy"]).should.equal(set(p["PolicyName"] for p in user_policies)) + assert set(["UserManagedPolicy"]) == set(p["PolicyName"] for p in user_policies) marker = "0" all_policies = [] @@ -1973,8 +1995,8 @@ def test_managed_policy(): for policy in response["Policies"]: all_policies.append(policy) marker = response.get("Marker") - set(p["PolicyName"] for p in aws_policies + user_policies).should.equal( - set(p["PolicyName"] for p in all_policies) + assert set(p["PolicyName"] for p in aws_policies + user_policies) == set( + p["PolicyName"] for p in all_policies ) role_name = "my-new-role" @@ -1989,28 +2011,26 @@ def test_managed_policy(): conn.attach_role_policy(PolicyArn=policy_arn, RoleName=role_name) rows = conn.list_policies(OnlyAttached=True)["Policies"] - rows.should.have.length_of(2) + assert len(rows) == 2 for x in rows: - x["AttachmentCount"].should.be.greater_than(0) + assert x["AttachmentCount"] > 0 resp = conn.list_attached_role_policies(RoleName=role_name) - resp["AttachedPolicies"].should.have.length_of(2) + assert len(resp["AttachedPolicies"]) == 2 conn.detach_role_policy( PolicyArn="arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceRole", RoleName=role_name, ) rows = conn.list_policies(OnlyAttached=True)["Policies"] - [r["PolicyName"] for r in rows].should.contain("AWSControlTowerServiceRolePolicy") - [r["PolicyName"] for r in rows].shouldnt.contain("AmazonElasticMapReduceRole") + assert "AWSControlTowerServiceRolePolicy" in [r["PolicyName"] for r in rows] + assert "AmazonElasticMapReduceRole" not in [r["PolicyName"] for r in rows] for x in rows: - x["AttachmentCount"].should.be.greater_than(0) + assert x["AttachmentCount"] > 0 policies = conn.list_attached_role_policies(RoleName=role_name)["AttachedPolicies"] - [p["PolicyName"] for p in policies].should.contain( - "AWSControlTowerServiceRolePolicy" - ) - [p["PolicyName"] for p in policies].shouldnt.contain("AmazonElasticMapReduceRole") + assert "AWSControlTowerServiceRolePolicy" in [p["PolicyName"] for p in policies] + assert "AmazonElasticMapReduceRole" not in [p["PolicyName"] for p in policies] with pytest.raises(ClientError) as ex: conn.detach_role_policy( @@ -2018,9 +2038,10 @@ def test_managed_policy(): RoleName=role_name, ) err = ex.value.response["Error"] - err["Code"].should.equal("NoSuchEntity") - err["Message"].should.equal( - "Policy arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceRole was not found." + assert err["Code"] == "NoSuchEntity" + assert ( + err["Message"] + == "Policy arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceRole was not found." ) with pytest.raises(ClientError) as ex: @@ -2028,10 +2049,8 @@ def test_managed_policy(): PolicyArn="arn:aws:iam::aws:policy/Nonexistent", RoleName=role_name ) err = ex.value.response["Error"] - err["Code"].should.equal("NoSuchEntity") - err["Message"].should.equal( - "Policy arn:aws:iam::aws:policy/Nonexistent was not found." - ) + assert err["Code"] == "NoSuchEntity" + assert err["Message"] == "Policy arn:aws:iam::aws:policy/Nonexistent was not found." @mock_iam @@ -2044,8 +2063,8 @@ def test_create_login_profile__duplicate(): with pytest.raises(ClientError) as exc: conn.create_login_profile(UserName="my-user", Password="my-pass") err = exc.value.response["Error"] - err["Code"].should.equal("User my-user already has password") - err["Message"].should.equal(None) + assert err["Code"] == "User my-user already has password" + assert err["Message"] is None @mock_iam() @@ -2068,23 +2087,24 @@ def test_attach_detach_user_policy(): with pytest.raises(ClientError) as exc: client.attach_user_policy(UserName=user.name, PolicyArn=non_existent_policy_arn) err = exc.value.response["Error"] - err["Code"].should.equal("NoSuchEntity") - err["Message"].should.equal( - f"Policy {non_existent_policy_arn} does not exist or is not attachable." + assert err["Code"] == "NoSuchEntity" + assert ( + err["Message"] + == f"Policy {non_existent_policy_arn} does not exist or is not attachable." ) client.attach_user_policy(UserName=user.name, PolicyArn=policy.arn) resp = client.list_attached_user_policies(UserName=user.name) - resp["AttachedPolicies"].should.have.length_of(1) + assert len(resp["AttachedPolicies"]) == 1 attached_policy = resp["AttachedPolicies"][0] - attached_policy["PolicyArn"].should.equal(policy.arn) - attached_policy["PolicyName"].should.equal(policy_name) + assert attached_policy["PolicyArn"] == policy.arn + assert attached_policy["PolicyName"] == policy_name client.detach_user_policy(UserName=user.name, PolicyArn=policy.arn) resp = client.list_attached_user_policies(UserName=user.name) - resp["AttachedPolicies"].should.have.length_of(0) + assert len(resp["AttachedPolicies"]) == 0 @mock_iam() @@ -2107,23 +2127,24 @@ def test_attach_detach_role_policy(): with pytest.raises(ClientError) as exc: client.attach_role_policy(RoleName=role.name, PolicyArn=non_existent_policy_arn) err = exc.value.response["Error"] - err["Code"].should.equal("NoSuchEntity") - err["Message"].should.equal( - f"Policy {non_existent_policy_arn} does not exist or is not attachable." + assert err["Code"] == "NoSuchEntity" + assert ( + err["Message"] + == f"Policy {non_existent_policy_arn} does not exist or is not attachable." ) client.attach_role_policy(RoleName=role.name, PolicyArn=policy.arn) resp = client.list_attached_role_policies(RoleName=role.name) - resp["AttachedPolicies"].should.have.length_of(1) + assert len(resp["AttachedPolicies"]) == 1 attached_policy = resp["AttachedPolicies"][0] - attached_policy["PolicyArn"].should.equal(policy.arn) - attached_policy["PolicyName"].should.equal(policy_name) + assert attached_policy["PolicyArn"] == policy.arn + assert attached_policy["PolicyName"] == policy_name client.detach_role_policy(RoleName=role.name, PolicyArn=policy.arn) resp = client.list_attached_role_policies(RoleName=role.name) - resp["AttachedPolicies"].should.have.length_of(0) + assert len(resp["AttachedPolicies"]) == 0 @mock_iam() @@ -2142,13 +2163,13 @@ def test_only_detach_user_policy(): ) resp = client.list_attached_user_policies(UserName=user.name) - resp["AttachedPolicies"].should.have.length_of(0) + assert len(resp["AttachedPolicies"]) == 0 with pytest.raises(ClientError) as exc: client.detach_user_policy(UserName=user.name, PolicyArn=policy.arn) err = exc.value.response["Error"] - err["Code"].should.equal("NoSuchEntity") - err["Message"].should.equal(f"Policy {policy.arn} was not found.") + assert err["Code"] == "NoSuchEntity" + assert err["Message"] == f"Policy {policy.arn} was not found." @mock_iam() @@ -2167,13 +2188,13 @@ def test_only_detach_group_policy(): ) resp = client.list_attached_group_policies(GroupName=group.name) - resp["AttachedPolicies"].should.have.length_of(0) + assert len(resp["AttachedPolicies"]) == 0 with pytest.raises(ClientError) as exc: client.detach_group_policy(GroupName=group.name, PolicyArn=policy.arn) err = exc.value.response["Error"] - err["Code"].should.equal("NoSuchEntity") - err["Message"].should.equal(f"Policy {policy.arn} was not found.") + assert err["Code"] == "NoSuchEntity" + assert err["Message"] == f"Policy {policy.arn} was not found." @mock_iam() @@ -2192,13 +2213,13 @@ def test_only_detach_role_policy(): ) resp = client.list_attached_role_policies(RoleName=role.name) - resp["AttachedPolicies"].should.have.length_of(0) + assert len(resp["AttachedPolicies"]) == 0 with pytest.raises(ClientError) as exc: client.detach_role_policy(RoleName=role.name, PolicyArn=policy.arn) err = exc.value.response["Error"] - err["Code"].should.equal("NoSuchEntity") - err["Message"].should.equal(f"Policy {policy.arn} was not found.") + assert err["Code"] == "NoSuchEntity" + assert err["Message"] == f"Policy {policy.arn} was not found." @mock_iam @@ -2216,10 +2237,10 @@ def test_update_access_key(): UserName=username, AccessKeyId=key["AccessKeyId"], Status="Inactive" ) resp = client.list_access_keys(UserName=username) - resp["AccessKeyMetadata"][0]["Status"].should.equal("Inactive") + assert resp["AccessKeyMetadata"][0]["Status"] == "Inactive" client.update_access_key(AccessKeyId=key["AccessKeyId"], Status="Active") resp = client.list_access_keys(UserName=username) - resp["AccessKeyMetadata"][0]["Status"].should.equal("Active") + assert resp["AccessKeyMetadata"][0]["Status"] == "Active" @mock_iam @@ -2234,8 +2255,8 @@ def test_get_access_key_last_used_when_unused(): resp = client.get_access_key_last_used( AccessKeyId=create_key_response["AccessKeyId"] ) - resp["AccessKeyLastUsed"].should_not.contain("LastUsedDate") - resp["UserName"].should.equal(create_key_response["UserName"]) + assert "LastUsedDate" not in resp["AccessKeyLastUsed"] + assert resp["UserName"] == create_key_response["UserName"] @mock_iam @@ -2248,15 +2269,17 @@ def test_upload_ssh_public_key(): resp = client.upload_ssh_public_key(UserName=username, SSHPublicKeyBody=public_key) pubkey = resp["SSHPublicKey"] - pubkey["SSHPublicKeyBody"].should.equal(public_key) - pubkey["UserName"].should.equal(username) - pubkey["SSHPublicKeyId"].should.have.length_of(20) + assert pubkey["SSHPublicKeyBody"] == public_key + assert pubkey["UserName"] == username + assert len(pubkey["SSHPublicKeyId"]) == 20 assert pubkey["SSHPublicKeyId"].startswith("APKA") - pubkey.should.have.key("Fingerprint") - pubkey["Status"].should.equal("Active") - ( - datetime.utcnow() - pubkey["UploadDate"].replace(tzinfo=None) - ).seconds.should.be.within(0, 10) + assert "Fingerprint" in pubkey + assert pubkey["Status"] == "Active" + assert ( + 0 + <= ((datetime.utcnow() - pubkey["UploadDate"].replace(tzinfo=None)).seconds) + < 10 + ) @mock_iam @@ -2278,7 +2301,7 @@ def test_get_ssh_public_key(): resp = client.get_ssh_public_key( UserName=username, SSHPublicKeyId=ssh_public_key_id, Encoding="SSH" ) - resp["SSHPublicKey"]["SSHPublicKeyBody"].should.equal(public_key) + assert resp["SSHPublicKey"]["SSHPublicKeyBody"] == public_key @mock_iam @@ -2290,14 +2313,14 @@ def test_list_ssh_public_keys(): public_key = MOCK_CERT resp = client.list_ssh_public_keys(UserName=username) - resp["SSHPublicKeys"].should.have.length_of(0) + assert len(resp["SSHPublicKeys"]) == 0 resp = client.upload_ssh_public_key(UserName=username, SSHPublicKeyBody=public_key) ssh_public_key_id = resp["SSHPublicKey"]["SSHPublicKeyId"] resp = client.list_ssh_public_keys(UserName=username) - resp["SSHPublicKeys"].should.have.length_of(1) - resp["SSHPublicKeys"][0]["SSHPublicKeyId"].should.equal(ssh_public_key_id) + assert len(resp["SSHPublicKeys"]) == 1 + assert resp["SSHPublicKeys"][0]["SSHPublicKeyId"] == ssh_public_key_id @mock_iam @@ -2315,7 +2338,7 @@ def test_update_ssh_public_key(): resp = client.upload_ssh_public_key(UserName=username, SSHPublicKeyBody=public_key) ssh_public_key_id = resp["SSHPublicKey"]["SSHPublicKeyId"] - resp["SSHPublicKey"]["Status"].should.equal("Active") + assert resp["SSHPublicKey"]["Status"] == "Active" resp = client.update_ssh_public_key( UserName=username, SSHPublicKeyId=ssh_public_key_id, Status="Inactive" @@ -2324,7 +2347,7 @@ def test_update_ssh_public_key(): resp = client.get_ssh_public_key( UserName=username, SSHPublicKeyId=ssh_public_key_id, Encoding="SSH" ) - resp["SSHPublicKey"]["Status"].should.equal("Inactive") + assert resp["SSHPublicKey"]["Status"] == "Inactive" @mock_iam @@ -2344,14 +2367,14 @@ def test_delete_ssh_public_key(): ssh_public_key_id = resp["SSHPublicKey"]["SSHPublicKeyId"] resp = client.list_ssh_public_keys(UserName=username) - resp["SSHPublicKeys"].should.have.length_of(1) + assert len(resp["SSHPublicKeys"]) == 1 resp = client.delete_ssh_public_key( UserName=username, SSHPublicKeyId=ssh_public_key_id ) resp = client.list_ssh_public_keys(UserName=username) - resp["SSHPublicKeys"].should.have.length_of(0) + assert len(resp["SSHPublicKeys"]) == 0 @mock_iam @@ -2595,8 +2618,9 @@ def test_create_saml_provider(): response = conn.create_saml_provider( Name="TestSAMLProvider", SAMLMetadataDocument="a" * 1024 ) - response["SAMLProviderArn"].should.equal( - f"arn:aws:iam::{ACCOUNT_ID}:saml-provider/TestSAMLProvider" + assert ( + response["SAMLProviderArn"] + == f"arn:aws:iam::{ACCOUNT_ID}:saml-provider/TestSAMLProvider" ) @@ -2609,7 +2633,7 @@ def test_get_saml_provider(): response = conn.get_saml_provider( SAMLProviderArn=saml_provider_create["SAMLProviderArn"] ) - response["SAMLMetadataDocument"].should.equal("a" * 1024) + assert response["SAMLMetadataDocument"] == "a" * 1024 @mock_iam() @@ -2617,8 +2641,9 @@ def test_list_saml_providers(): conn = boto3.client("iam", region_name="us-east-1") conn.create_saml_provider(Name="TestSAMLProvider", SAMLMetadataDocument="a" * 1024) response = conn.list_saml_providers() - response["SAMLProviderList"][0]["Arn"].should.equal( - f"arn:aws:iam::{ACCOUNT_ID}:saml-provider/TestSAMLProvider" + assert ( + response["SAMLProviderList"][0]["Arn"] + == f"arn:aws:iam::{ACCOUNT_ID}:saml-provider/TestSAMLProvider" ) @@ -2629,10 +2654,10 @@ def test_delete_saml_provider(): Name="TestSAMLProvider", SAMLMetadataDocument="a" * 1024 ) response = conn.list_saml_providers() - len(response["SAMLProviderList"]).should.equal(1) + assert len(response["SAMLProviderList"]) == 1 conn.delete_saml_provider(SAMLProviderArn=saml_provider_create["SAMLProviderArn"]) response = conn.list_saml_providers() - len(response["SAMLProviderList"]).should.equal(0) + assert len(response["SAMLProviderList"]) == 0 conn.create_user(UserName="testing") cert_id = "123456789012345678901234" @@ -3078,27 +3103,27 @@ def test_list_entities_for_policy(): EntityFilter="Role", ) assert response["PolicyRoles"][0]["RoleName"] == "my-role" - response["PolicyRoles"][0].should.have.key("RoleId") - response["PolicyGroups"].should.equal([]) - response["PolicyUsers"].should.equal([]) + assert "RoleId" in response["PolicyRoles"][0] + assert response["PolicyGroups"] == [] + assert response["PolicyUsers"] == [] response = conn.list_entities_for_policy( PolicyArn=f"arn:aws:iam::{ACCOUNT_ID}:policy/testPolicy", EntityFilter="User", ) assert response["PolicyUsers"][0]["UserName"] == "testUser" - response["PolicyUsers"][0].should.have.key("UserId") - response["PolicyGroups"].should.equal([]) - response["PolicyRoles"].should.equal([]) + assert "UserId" in response["PolicyUsers"][0] + assert response["PolicyGroups"] == [] + assert response["PolicyRoles"] == [] response = conn.list_entities_for_policy( PolicyArn=f"arn:aws:iam::{ACCOUNT_ID}:policy/testPolicy", EntityFilter="Group", ) assert response["PolicyGroups"][0]["GroupName"] == "testGroup" - response["PolicyGroups"][0].should.have.key("GroupId") - response["PolicyRoles"].should.equal([]) - response["PolicyUsers"].should.equal([]) + assert "GroupId" in response["PolicyGroups"][0] + assert response["PolicyRoles"] == [] + assert response["PolicyUsers"] == [] response = conn.list_entities_for_policy( PolicyArn=f"arn:aws:iam::{ACCOUNT_ID}:policy/testPolicy", @@ -3108,21 +3133,21 @@ def test_list_entities_for_policy(): assert response["PolicyUsers"][0]["UserName"] == "testUser" assert response["PolicyRoles"][0]["RoleName"] == "my-role" - response["PolicyGroups"][0].should.have.key("GroupId") - response["PolicyUsers"][0].should.have.key("UserId") - response["PolicyRoles"][0].should.have.key("RoleId") + assert "GroupId" in response["PolicyGroups"][0] + assert "UserId" in response["PolicyUsers"][0] + assert "RoleId" in response["PolicyRoles"][0] # Return everything when no entity is specified response = conn.list_entities_for_policy( PolicyArn=f"arn:aws:iam::{ACCOUNT_ID}:policy/testPolicy" ) - response["PolicyGroups"][0]["GroupName"].should.equal("testGroup") - response["PolicyUsers"][0]["UserName"].should.equal("testUser") - response["PolicyRoles"][0]["RoleName"].should.equal("my-role") + assert response["PolicyGroups"][0]["GroupName"] == "testGroup" + assert response["PolicyUsers"][0]["UserName"] == "testUser" + assert response["PolicyRoles"][0]["RoleName"] == "my-role" - response["PolicyGroups"][0].should.have.key("GroupId") - response["PolicyUsers"][0].should.have.key("UserId") - response["PolicyRoles"][0].should.have.key("RoleId") + assert "GroupId" in response["PolicyGroups"][0] + assert "UserId" in response["PolicyUsers"][0] + assert "RoleId" in response["PolicyRoles"][0] @mock_iam() @@ -3131,9 +3156,9 @@ def test_create_role_no_path(): resp = conn.create_role( RoleName="my-role", AssumeRolePolicyDocument="some policy", Description="test" ) - resp.get("Role").get("Arn").should.equal(f"arn:aws:iam::{ACCOUNT_ID}:role/my-role") - resp.get("Role").should_not.have.key("PermissionsBoundary") - resp.get("Role").get("Description").should.equal("test") + assert resp["Role"].get("Arn") == f"arn:aws:iam::{ACCOUNT_ID}:role/my-role" + assert "PermissionsBoundary" not in resp["Role"] + assert resp["Role"]["Description"] == "test" @mock_iam() @@ -3150,14 +3175,14 @@ def test_create_role_with_permissions_boundary(): "PermissionsBoundaryType": "PermissionsBoundaryPolicy", "PermissionsBoundaryArn": boundary, } - resp.get("Role").get("PermissionsBoundary").should.equal(expected) - resp.get("Role").get("Description").should.equal("test") + assert resp["Role"].get("PermissionsBoundary") == expected + assert resp["Role"]["Description"] == "test" conn.delete_role_permissions_boundary(RoleName="my-role") - conn.list_roles().get("Roles")[0].should_not.have.key("PermissionsBoundary") + assert "PermissionsBoundary" not in conn.list_roles()["Roles"][0] conn.put_role_permissions_boundary(RoleName="my-role", PermissionsBoundary=boundary) - resp.get("Role").get("PermissionsBoundary").should.equal(expected) + assert resp["Role"].get("PermissionsBoundary") == expected invalid_boundary_arn = "arn:aws:iam::123456789:not_a_boundary" @@ -3175,7 +3200,7 @@ def test_create_role_with_permissions_boundary(): ) # Ensure the PermissionsBoundary is included in role listing as well - conn.list_roles().get("Roles")[0].get("PermissionsBoundary").should.equal(expected) + assert conn.list_roles()["Roles"][0].get("PermissionsBoundary") == expected @mock_iam @@ -3192,9 +3217,10 @@ def test_create_role_with_same_name_should_fail(): AssumeRolePolicyDocument="policy", Description="test", ) - err.value.response["Error"]["Code"].should.equal("EntityAlreadyExists") - err.value.response["Error"]["Message"].should.equal( - f"Role with name {test_role_name} already exists." + assert err.value.response["Error"]["Code"] == "EntityAlreadyExists" + assert ( + err.value.response["Error"]["Message"] + == f"Role with name {test_role_name} already exists." ) @@ -3206,9 +3232,10 @@ def test_create_policy_with_same_name_should_fail(): # Create the role again, and verify that it fails with pytest.raises(ClientError) as err: iam.create_policy(PolicyName=test_policy_name, PolicyDocument=MOCK_POLICY) - err.value.response["Error"]["Code"].should.equal("EntityAlreadyExists") - err.value.response["Error"]["Message"].should.equal( - f"A policy called {test_policy_name} already exists. Duplicate names are not allowed." + assert err.value.response["Error"]["Code"] == "EntityAlreadyExists" + assert ( + err.value.response["Error"]["Message"] + == f"A policy called {test_policy_name} already exists. Duplicate names are not allowed." ) @@ -3219,35 +3246,30 @@ def test_update_account_password_policy(): client.update_account_password_policy() response = client.get_account_password_policy() - response["PasswordPolicy"].should.equal( - { - "AllowUsersToChangePassword": False, - "ExpirePasswords": False, - "MinimumPasswordLength": 6, - "RequireLowercaseCharacters": False, - "RequireNumbers": False, - "RequireSymbols": False, - "RequireUppercaseCharacters": False, - "HardExpiry": False, - } - ) + assert response["PasswordPolicy"] == { + "AllowUsersToChangePassword": False, + "ExpirePasswords": False, + "MinimumPasswordLength": 6, + "RequireLowercaseCharacters": False, + "RequireNumbers": False, + "RequireSymbols": False, + "RequireUppercaseCharacters": False, + "HardExpiry": False, + } @mock_iam def test_update_account_password_policy_errors(): client = boto3.client("iam", region_name="us-east-1") - client.update_account_password_policy.when.called_with( - MaxPasswordAge=1096, MinimumPasswordLength=129, PasswordReusePrevention=25 - ).should.throw( - ClientError, - "3 validation errors detected: " - 'Value "129" at "minimumPasswordLength" failed to satisfy constraint: ' - "Member must have value less than or equal to 128; " - 'Value "25" at "passwordReusePrevention" failed to satisfy constraint: ' - "Member must have value less than or equal to 24; " - 'Value "1096" at "maxPasswordAge" failed to satisfy constraint: ' - "Member must have value less than or equal to 1095", + with pytest.raises(ClientError) as exc: + client.update_account_password_policy( + MaxPasswordAge=1096, MinimumPasswordLength=129, PasswordReusePrevention=25 + ) + err = exc.value.response["Error"] + assert ( + err["Message"] + == '3 validation errors detected: Value "129" at "minimumPasswordLength" failed to satisfy constraint: Member must have value less than or equal to 128; Value "25" at "passwordReusePrevention" failed to satisfy constraint: Member must have value less than or equal to 24; Value "1096" at "maxPasswordAge" failed to satisfy constraint: Member must have value less than or equal to 1095' ) @@ -3268,29 +3290,30 @@ def test_get_account_password_policy(): response = client.get_account_password_policy() - response["PasswordPolicy"].should.equal( - { - "AllowUsersToChangePassword": True, - "ExpirePasswords": True, - "HardExpiry": True, - "MaxPasswordAge": 60, - "MinimumPasswordLength": 10, - "PasswordReusePrevention": 3, - "RequireLowercaseCharacters": True, - "RequireNumbers": True, - "RequireSymbols": True, - "RequireUppercaseCharacters": True, - } - ) + assert response["PasswordPolicy"] == { + "AllowUsersToChangePassword": True, + "ExpirePasswords": True, + "HardExpiry": True, + "MaxPasswordAge": 60, + "MinimumPasswordLength": 10, + "PasswordReusePrevention": 3, + "RequireLowercaseCharacters": True, + "RequireNumbers": True, + "RequireSymbols": True, + "RequireUppercaseCharacters": True, + } @mock_iam def test_get_account_password_policy_errors(): client = boto3.client("iam", region_name="us-east-1") - client.get_account_password_policy.when.called_with().should.throw( - ClientError, - f"The Password Policy with domain name {ACCOUNT_ID} cannot be found.", + with pytest.raises(ClientError) as exc: + client.get_account_password_policy() + err = exc.value.response["Error"] + assert ( + err["Message"] + == f"The Password Policy with domain name {ACCOUNT_ID} cannot be found." ) @@ -3301,13 +3324,16 @@ def test_delete_account_password_policy(): response = client.get_account_password_policy() - response.should.have.key("PasswordPolicy").which.should.be.a(dict) + assert isinstance(response["PasswordPolicy"], dict) client.delete_account_password_policy() - client.get_account_password_policy.when.called_with().should.throw( - ClientError, - f"The Password Policy with domain name {ACCOUNT_ID} cannot be found.", + with pytest.raises(ClientError) as exc: + client.get_account_password_policy() + err = exc.value.response["Error"] + assert ( + err["Message"] + == f"The Password Policy with domain name {ACCOUNT_ID} cannot be found." ) @@ -3318,43 +3344,41 @@ def test_get_account_summary(): account_summary = iam.AccountSummary() - account_summary.summary_map.should.equal( - { - "GroupPolicySizeQuota": 5120, - "InstanceProfilesQuota": 1000, - "Policies": 0, - "GroupsPerUserQuota": 10, - "InstanceProfiles": 0, - "AttachedPoliciesPerUserQuota": 10, - "Users": 0, - "PoliciesQuota": 1500, - "Providers": 0, - "AccountMFAEnabled": 0, - "AccessKeysPerUserQuota": 2, - "AssumeRolePolicySizeQuota": 2048, - "PolicyVersionsInUseQuota": 10000, - "GlobalEndpointTokenVersion": 1, - "VersionsPerPolicyQuota": 5, - "AttachedPoliciesPerGroupQuota": 10, - "PolicySizeQuota": 6144, - "Groups": 0, - "AccountSigningCertificatesPresent": 0, - "UsersQuota": 5000, - "ServerCertificatesQuota": 20, - "MFADevices": 0, - "UserPolicySizeQuota": 2048, - "PolicyVersionsInUse": 1, - "ServerCertificates": 0, - "Roles": 0, - "RolesQuota": 1000, - "SigningCertificatesPerUserQuota": 2, - "MFADevicesInUse": 0, - "RolePolicySizeQuota": 10240, - "AttachedPoliciesPerRoleQuota": 10, - "AccountAccessKeysPresent": 0, - "GroupsQuota": 300, - } - ) + assert account_summary.summary_map == { + "GroupPolicySizeQuota": 5120, + "InstanceProfilesQuota": 1000, + "Policies": 0, + "GroupsPerUserQuota": 10, + "InstanceProfiles": 0, + "AttachedPoliciesPerUserQuota": 10, + "Users": 0, + "PoliciesQuota": 1500, + "Providers": 0, + "AccountMFAEnabled": 0, + "AccessKeysPerUserQuota": 2, + "AssumeRolePolicySizeQuota": 2048, + "PolicyVersionsInUseQuota": 10000, + "GlobalEndpointTokenVersion": 1, + "VersionsPerPolicyQuota": 5, + "AttachedPoliciesPerGroupQuota": 10, + "PolicySizeQuota": 6144, + "Groups": 0, + "AccountSigningCertificatesPresent": 0, + "UsersQuota": 5000, + "ServerCertificatesQuota": 20, + "MFADevices": 0, + "UserPolicySizeQuota": 2048, + "PolicyVersionsInUse": 1, + "ServerCertificates": 0, + "Roles": 0, + "RolesQuota": 1000, + "SigningCertificatesPerUserQuota": 2, + "MFADevicesInUse": 0, + "RolePolicySizeQuota": 10240, + "AttachedPoliciesPerRoleQuota": 10, + "AccountAccessKeysPresent": 0, + "GroupsQuota": 300, + } client.create_instance_profile(InstanceProfileName="test-profile") client.create_open_id_connect_provider(Url="https://example.com", ThumbprintList=[]) @@ -3390,43 +3414,41 @@ def test_get_account_summary(): ) account_summary.load() - account_summary.summary_map.should.equal( - { - "GroupPolicySizeQuota": 5120, - "InstanceProfilesQuota": 1000, - "Policies": 1, - "GroupsPerUserQuota": 10, - "InstanceProfiles": 1, - "AttachedPoliciesPerUserQuota": 10, - "Users": 1, - "PoliciesQuota": 1500, - "Providers": 2, - "AccountMFAEnabled": 0, - "AccessKeysPerUserQuota": 2, - "AssumeRolePolicySizeQuota": 2048, - "PolicyVersionsInUseQuota": 10000, - "GlobalEndpointTokenVersion": 1, - "VersionsPerPolicyQuota": 5, - "AttachedPoliciesPerGroupQuota": 10, - "PolicySizeQuota": 6144, - "Groups": 1, - "AccountSigningCertificatesPresent": 0, - "UsersQuota": 5000, - "ServerCertificatesQuota": 20, - "MFADevices": 1, - "UserPolicySizeQuota": 2048, - "PolicyVersionsInUse": 4, - "ServerCertificates": 1, - "Roles": 1, - "RolesQuota": 1000, - "SigningCertificatesPerUserQuota": 2, - "MFADevicesInUse": 1, - "RolePolicySizeQuota": 10240, - "AttachedPoliciesPerRoleQuota": 10, - "AccountAccessKeysPresent": 0, - "GroupsQuota": 300, - } - ) + assert account_summary.summary_map == { + "GroupPolicySizeQuota": 5120, + "InstanceProfilesQuota": 1000, + "Policies": 1, + "GroupsPerUserQuota": 10, + "InstanceProfiles": 1, + "AttachedPoliciesPerUserQuota": 10, + "Users": 1, + "PoliciesQuota": 1500, + "Providers": 2, + "AccountMFAEnabled": 0, + "AccessKeysPerUserQuota": 2, + "AssumeRolePolicySizeQuota": 2048, + "PolicyVersionsInUseQuota": 10000, + "GlobalEndpointTokenVersion": 1, + "VersionsPerPolicyQuota": 5, + "AttachedPoliciesPerGroupQuota": 10, + "PolicySizeQuota": 6144, + "Groups": 1, + "AccountSigningCertificatesPresent": 0, + "UsersQuota": 5000, + "ServerCertificatesQuota": 20, + "MFADevices": 1, + "UserPolicySizeQuota": 2048, + "PolicyVersionsInUse": 4, + "ServerCertificates": 1, + "Roles": 1, + "RolesQuota": 1000, + "SigningCertificatesPerUserQuota": 2, + "MFADevicesInUse": 1, + "RolePolicySizeQuota": 10240, + "AttachedPoliciesPerRoleQuota": 10, + "AccountAccessKeysPresent": 0, + "GroupsQuota": 300, + } @mock_iam() @@ -3445,18 +3467,19 @@ def test_list_user_tags(): ], ) response = conn.list_user_tags(UserName="kenny-bania") - response["Tags"].should.have.length_of(0) - response["IsTruncated"].should.equal(False) + assert len(response["Tags"]) == 0 + assert response["IsTruncated"] is False response = conn.list_user_tags(UserName="jackie-chiles") - response["Tags"].should.equal([{"Key": "Sue-Allen", "Value": "Oh-Henry"}]) - response["IsTruncated"].should.equal(False) + assert response["Tags"] == [{"Key": "Sue-Allen", "Value": "Oh-Henry"}] + assert response["IsTruncated"] is False response = conn.list_user_tags(UserName="cosmo") - response["Tags"].should.equal( - [{"Key": "Stan", "Value": "The Caddy"}, {"Key": "like-a", "Value": "glove"}] - ) - response["IsTruncated"].should.equal(False) + assert response["Tags"] == [ + {"Key": "Stan", "Value": "The Caddy"}, + {"Key": "like-a", "Value": "glove"}, + ] + assert response["IsTruncated"] is False @mock_iam() @@ -3482,8 +3505,11 @@ def test_delete_role_with_instance_profiles_present(): def test_delete_account_password_policy_errors(): client = boto3.client("iam", region_name="us-east-1") - client.delete_account_password_policy.when.called_with().should.throw( - ClientError, "The account policy with name PasswordPolicy cannot be found." + with pytest.raises(ClientError) as exc: + client.delete_account_password_policy() + err = exc.value.response["Error"] + assert ( + err["Message"] == "The account policy with name PasswordPolicy cannot be found." ) @@ -4586,20 +4612,20 @@ def test_list_roles_with_description(desc): resp = conn.create_role( RoleName="my-role", AssumeRolePolicyDocument="some policy", Description=desc ) - resp.get("Role").get("Description").should.equal(desc) + assert resp["Role"]["Description"] == desc # Ensure the Description is included in role listing as well - conn.list_roles().get("Roles")[0].get("Description").should.equal(desc) + assert conn.list_roles()["Roles"][0]["Description"] == desc @mock_iam() def test_list_roles_without_description(): conn = boto3.client("iam", region_name="us-east-1") resp = conn.create_role(RoleName="my-role", AssumeRolePolicyDocument="some policy") - resp.get("Role").should_not.have.key("Description") + assert "Description" not in resp["Role"] # Ensure the Description is not included in role listing as well - conn.list_roles().get("Roles")[0].should_not.have.key("Description") + assert "Description" not in conn.list_roles()["Roles"][0] @mock_iam() @@ -4608,7 +4634,7 @@ def test_list_roles_includes_max_session_duration(): conn.create_role(RoleName="my-role", AssumeRolePolicyDocument="some policy") # Ensure the MaxSessionDuration is included in the role listing - conn.list_roles().get("Roles")[0].should.have.key("MaxSessionDuration") + assert "MaxSessionDuration" in conn.list_roles()["Roles"][0] @mock_iam() @@ -4645,7 +4671,7 @@ def test_tag_user(): # then response = client.list_user_tags(UserName=name) - sorted(response["Tags"], key=lambda item: item["Key"]).should.equal(tags) + assert sorted(response["Tags"], key=lambda item: item["Key"]) == tags @mock_iam @@ -4660,11 +4686,11 @@ def test_tag_user_error_unknown_user_name(): # then ex = e.value - ex.operation_name.should.equal("TagUser") - ex.response["ResponseMetadata"]["HTTPStatusCode"].should.equal(404) - ex.response["Error"]["Code"].should.contain("NoSuchEntity") - ex.response["Error"]["Message"].should.equal( - f"The user with name {name} cannot be found." + assert ex.operation_name == "TagUser" + assert ex.response["ResponseMetadata"]["HTTPStatusCode"] == 404 + assert "NoSuchEntity" in ex.response["Error"]["Code"] + assert ( + ex.response["Error"]["Message"] == f"The user with name {name} cannot be found." ) @@ -4683,7 +4709,7 @@ def test_untag_user(): # then response = client.list_user_tags(UserName=name) - response["Tags"].should.equal([{"Key": "key", "Value": "value"}]) + assert response["Tags"] == [{"Key": "key", "Value": "value"}] @mock_iam @@ -4698,11 +4724,11 @@ def test_untag_user_error_unknown_user_name(): # then ex = e.value - ex.operation_name.should.equal("UntagUser") - ex.response["ResponseMetadata"]["HTTPStatusCode"].should.equal(404) - ex.response["Error"]["Code"].should.contain("NoSuchEntity") - ex.response["Error"]["Message"].should.equal( - f"The user with name {name} cannot be found." + assert ex.operation_name == "UntagUser" + assert ex.response["ResponseMetadata"]["HTTPStatusCode"] == 404 + assert "NoSuchEntity" in ex.response["Error"]["Code"] + assert ( + ex.response["Error"]["Message"] == f"The user with name {name} cannot be found." ) @@ -4726,7 +4752,7 @@ def test_create_service_linked_role(service, cased): AWSServiceName=f"{service}.amazonaws.com", Description="desc" )["Role"] - resp.should.have.key("RoleName").equals(f"AWSServiceRoleFor{cased}") + assert resp["RoleName"] == f"AWSServiceRoleFor{cased}" @mock_iam @@ -4739,19 +4765,16 @@ def test_create_service_linked_role__with_suffix(): Description="desc", )["Role"] - resp.should.have.key("RoleName").match("_suf$") - resp.should.have.key("Description").equals("desc") - resp.should.have.key("AssumeRolePolicyDocument") + assert resp["RoleName"].endswith("_suf") + assert resp["Description"] == "desc" policy_doc = resp["AssumeRolePolicyDocument"] - policy_doc.should.have.key("Statement").equals( - [ - { - "Action": ["sts:AssumeRole"], - "Effect": "Allow", - "Principal": {"Service": ["autoscaling.amazonaws.com"]}, - } - ] - ) + assert policy_doc["Statement"] == [ + { + "Action": ["sts:AssumeRole"], + "Effect": "Allow", + "Principal": {"Service": ["autoscaling.amazonaws.com"]}, + } + ] @mock_iam @@ -4769,17 +4792,16 @@ def test_delete_service_linked_role(): # Delete role resp = client.delete_service_linked_role(RoleName=role_name) - resp.should.have.key("DeletionTaskId") # Role deletion should be successful resp = client.get_service_linked_role_deletion_status( DeletionTaskId=resp["DeletionTaskId"] ) - resp.should.have.key("Status").equals("SUCCEEDED") + assert resp["Status"] == "SUCCEEDED" # Role no longer exists with pytest.raises(ClientError) as ex: client.get_role(RoleName=role_name) err = ex.value.response["Error"] - err["Code"].should.equal("NoSuchEntity") - err["Message"].should.contain("not found") + assert err["Code"] == "NoSuchEntity" + assert "not found" in err["Message"] diff --git a/tests/test_iam/test_iam_access_integration.py b/tests/test_iam/test_iam_access_integration.py index 1c4451e9f..70a8c03fe 100644 --- a/tests/test_iam/test_iam_access_integration.py +++ b/tests/test_iam/test_iam_access_integration.py @@ -20,6 +20,6 @@ def test_invoking_ec2_mark_access_key_as_used(): last_used = c_iam.get_access_key_last_used( AccessKeyId=key["AccessKey"]["AccessKeyId"] )["AccessKeyLastUsed"] - last_used.should.have.key("LastUsedDate") - last_used.should.have.key("ServiceName").equals("ec2") - last_used.should.have.key("Region").equals("us-east-2") + assert "LastUsedDate" in last_used + assert last_used["ServiceName"] == "ec2" + assert last_used["Region"] == "us-east-2" diff --git a/tests/test_iam/test_iam_account_aliases.py b/tests/test_iam/test_iam_account_aliases.py index 998db7f91..8b128c891 100644 --- a/tests/test_iam/test_iam_account_aliases.py +++ b/tests/test_iam/test_iam_account_aliases.py @@ -1,5 +1,4 @@ import boto3 -import sure # noqa # pylint: disable=unused-import from moto import mock_iam @@ -9,12 +8,12 @@ def test_account_aliases(): alias = "my-account-name" aliases = client.list_account_aliases() - aliases.should.have.key("AccountAliases").which.should.equal([]) + assert aliases["AccountAliases"] == [] client.create_account_alias(AccountAlias=alias) aliases = client.list_account_aliases() - aliases.should.have.key("AccountAliases").which.should.equal([alias]) + assert aliases["AccountAliases"] == [alias] client.delete_account_alias(AccountAlias=alias) aliases = client.list_account_aliases() - aliases.should.have.key("AccountAliases").which.should.equal([]) + assert aliases["AccountAliases"] == [] diff --git a/tests/test_iam/test_iam_cloudformation.py b/tests/test_iam/test_iam_cloudformation.py index dbf4e21a4..3bad1805c 100644 --- a/tests/test_iam/test_iam_cloudformation.py +++ b/tests/test_iam/test_iam_cloudformation.py @@ -1,7 +1,6 @@ import boto3 import json import yaml -import sure # noqa # pylint: disable=unused-import import pytest from botocore.exceptions import ClientError @@ -87,8 +86,8 @@ Resources: provisioned_resource = cf_client.list_stack_resources(StackName=stack_name)[ "StackResourceSummaries" ][0] - provisioned_resource["LogicalResourceId"].should.equal("TheUser") - provisioned_resource["PhysicalResourceId"].should.equal(user_name) + assert provisioned_resource["LogicalResourceId"] == "TheUser" + assert provisioned_resource["PhysicalResourceId"] == user_name @mock_iam @@ -112,7 +111,7 @@ Resources: iam_client = boto3.client("iam", region_name="us-east-1") user = iam_client.get_user(UserName=user_name)["User"] - user["Path"].should.equal("/") + assert user["Path"] == "/" path = "/MyPath/" template = """ @@ -128,7 +127,7 @@ Resources: cf_client.update_stack(StackName=stack_name, TemplateBody=template) user = iam_client.get_user(UserName=user_name)["User"] - user["Path"].should.equal(path) + assert user["Path"] == path @mock_iam @@ -152,7 +151,7 @@ Resources: iam_client = boto3.client("iam", region_name="us-east-1") user = iam_client.get_user(UserName=original_user_name)["User"] - user["Path"].should.equal("/") + assert user["Path"] == "/" new_user_name = "MyUser" template = """ @@ -169,7 +168,7 @@ Resources: with pytest.raises(ClientError) as e: iam_client.get_user(UserName=original_user_name) - e.value.response["Error"]["Code"].should.equal("NoSuchEntity") + assert e.value.response["Error"]["Code"] == "NoSuchEntity" iam_client.get_user(UserName=new_user_name) @@ -222,18 +221,18 @@ Resources: provisioned_resources = cf_client.list_stack_resources(StackName=stack_name)[ "StackResourceSummaries" ] - len(provisioned_resources).should.equal(1) + assert len(provisioned_resources) == 1 second_provisioned_user = [ resource for resource in provisioned_resources if resource["LogicalResourceId"] == "TheSecondUser" ][0] - second_user_name.should.equal(second_provisioned_user["PhysicalResourceId"]) + assert second_user_name == second_provisioned_user["PhysicalResourceId"] iam_client.get_user(UserName=second_user_name) with pytest.raises(ClientError) as e: iam_client.get_user(UserName=first_user_name) - e.value.response["Error"]["Code"].should.equal("NoSuchEntity") + assert e.value.response["Error"]["Code"] == "NoSuchEntity" @mock_iam @@ -263,7 +262,7 @@ Resources: with pytest.raises(ClientError) as e: iam_client.get_user(UserName=user_name) - e.value.response["Error"]["Code"].should.equal("NoSuchEntity") + assert e.value.response["Error"]["Code"] == "NoSuchEntity" @mock_iam @@ -283,7 +282,7 @@ Resources: provisioned_resource = cf_client.list_stack_resources(StackName=stack_name)[ "StackResourceSummaries" ][0] - provisioned_resource["LogicalResourceId"].should.equal("TheUser") + assert provisioned_resource["LogicalResourceId"] == "TheUser" user_name = provisioned_resource["PhysicalResourceId"] iam_client = boto3.client("iam", region_name="us-east-1") @@ -293,7 +292,7 @@ Resources: with pytest.raises(ClientError) as e: iam_client.get_user(UserName=user_name) - e.value.response["Error"]["Code"].should.equal("NoSuchEntity") + assert e.value.response["Error"]["Code"] == "NoSuchEntity" @mock_iam @@ -334,7 +333,7 @@ Outputs: iam_client = boto3.client("iam", region_name="us-east-1") user_description = iam_client.get_user(UserName=output_user_name)["User"] - output_user_arn.should.equal(user_description["Arn"]) + assert output_user_arn == user_description["Arn"] # AWS::IAM::ManagedPolicy Tests @@ -364,24 +363,22 @@ Resources: "StackResourceSummaries" ][0] logical_resource_id = provisioned_resource["LogicalResourceId"] - logical_resource_id.should.equal("ThePolicy") + assert logical_resource_id == "ThePolicy" policy_arn = provisioned_resource["PhysicalResourceId"] - policy_arn.should.match( - f"arn:aws:iam::{ACCOUNT_ID}:policy/MyStack-ThePolicy-[A-Z0-9]+" - ) + assert policy_arn.startswith(f"arn:aws:iam::{ACCOUNT_ID}:policy/MyStack-ThePolicy-") expected_name = policy_arn.split("/")[1] response = iam_client.list_entities_for_policy(PolicyArn=policy_arn) - response.should.have.key("PolicyGroups").equal([]) - response.should.have.key("PolicyUsers").equal([]) - response.should.have.key("PolicyRoles").equal([]) + assert response["PolicyGroups"] == [] + assert response["PolicyUsers"] == [] + assert response["PolicyRoles"] == [] policy = iam_client.get_policy(PolicyArn=policy_arn)["Policy"] - policy.should.have.key("Arn").equal(policy_arn) - policy.should.have.key("PolicyName").equal(expected_name) - policy.should.have.key("Description").equal("") - policy.should.have.key("Path").equal("/") + assert policy["Arn"] == policy_arn + assert policy["PolicyName"] == expected_name + assert policy["Description"] == "" + assert policy["Path"] == "/" @mock_iam @@ -417,16 +414,16 @@ Resources: "StackResourceSummaries" ][0] logical_resource_id = provisioned_resource["LogicalResourceId"] - logical_resource_id.should.equal("ThePolicy") + assert logical_resource_id == "ThePolicy" policy_arn = provisioned_resource["PhysicalResourceId"] - policy_arn.should.equal(f"arn:aws:iam::{ACCOUNT_ID}:policy/{name}") + assert policy_arn == f"arn:aws:iam::{ACCOUNT_ID}:policy/{name}" policy = iam_client.get_policy(PolicyArn=policy_arn)["Policy"] - policy.should.have.key("Arn").equal(policy_arn) - policy.should.have.key("Path").equal("/") - policy.should.have.key("Description").equal(desc) - policy.should.have.key("PolicyName").equal(name) + assert policy["Arn"] == policy_arn + assert policy["Path"] == "/" + assert policy["Description"] == desc + assert policy["PolicyName"] == name @mock_iam @@ -465,19 +462,17 @@ Resources: "StackResourceSummaries" ][0] logical_resource_id = provisioned_resource["LogicalResourceId"] - logical_resource_id.should.equal("ThePolicy") + assert logical_resource_id == "ThePolicy" policy_arn = provisioned_resource["PhysicalResourceId"] - policy_arn.should.match( - f"rn:aws:iam::{ACCOUNT_ID}:policy/MyStack-ThePolicy-[A-Z0-9]+" - ) + assert policy_arn.startswith(f"arn:aws:iam::{ACCOUNT_ID}:policy/MyStack-ThePolicy-") response = iam_client.list_entities_for_policy(PolicyArn=policy_arn) - response.should.have.key("PolicyUsers").equal([]) - response.should.have.key("PolicyRoles").equal([]) + assert response["PolicyUsers"] == [] + assert response["PolicyRoles"] == [] - response["PolicyGroups"][0]["GroupName"].should.be.equal(group_name) - response["PolicyGroups"][0].should.have.key("GroupId") + assert response["PolicyGroups"][0]["GroupName"] == group_name + assert "GroupId" in response["PolicyGroups"][0] @mock_iam @@ -516,19 +511,17 @@ Resources: "StackResourceSummaries" ][0] logical_resource_id = provisioned_resource["LogicalResourceId"] - logical_resource_id.should.equal("ThePolicy") + assert logical_resource_id == "ThePolicy" policy_arn = provisioned_resource["PhysicalResourceId"] - policy_arn.should.match( - f"rn:aws:iam::{ACCOUNT_ID}:policy/MyStack-ThePolicy-[A-Z0-9]+" - ) + assert policy_arn.startswith(f"arn:aws:iam::{ACCOUNT_ID}:policy/MyStack-ThePolicy-") response = iam_client.list_entities_for_policy(PolicyArn=policy_arn) - response.should.have.key("PolicyGroups").equal([]) - response.should.have.key("PolicyRoles").equal([]) + assert response["PolicyGroups"] == [] + assert response["PolicyRoles"] == [] - response["PolicyUsers"][0]["UserName"].should.be.equal(user_name) - response["PolicyUsers"][0].should.have.key("UserId") + assert response["PolicyUsers"][0]["UserName"] == user_name + assert "UserId" in response["PolicyUsers"][0] @mock_iam @@ -567,19 +560,17 @@ Resources: "StackResourceSummaries" ][0] logical_resource_id = provisioned_resource["LogicalResourceId"] - logical_resource_id.should.equal("ThePolicy") + assert logical_resource_id == "ThePolicy" policy_arn = provisioned_resource["PhysicalResourceId"] - policy_arn.should.match( - f"rn:aws:iam::{ACCOUNT_ID}:policy/MyStack-ThePolicy-[A-Z0-9]+" - ) + assert policy_arn.startswith(f"arn:aws:iam::{ACCOUNT_ID}:policy/MyStack-ThePolicy-") response = iam_client.list_entities_for_policy(PolicyArn=policy_arn) - response.should.have.key("PolicyGroups").equal([]) - response.should.have.key("PolicyUsers").equal([]) + assert response["PolicyGroups"] == [] + assert response["PolicyUsers"] == [] - response["PolicyRoles"][0]["RoleName"].should.be.equal(role_name) - response["PolicyRoles"][0].should.have.key("RoleId") + assert response["PolicyRoles"][0]["RoleName"] == role_name + assert "RoleId" in response["PolicyRoles"][0] # AWS::IAM::Policy Tests @@ -624,13 +615,13 @@ Resources: "StackResourceSummaries" ][0] logical_resource_id = provisioned_resource["LogicalResourceId"] - logical_resource_id.should.equal("ThePolicy") + assert logical_resource_id == "ThePolicy" original_policy_document = yaml.load(template, Loader=yaml.FullLoader)["Resources"][ logical_resource_id ]["Properties"]["PolicyDocument"] policy = iam_client.get_user_policy(UserName=user_name, PolicyName=policy_name) - policy["PolicyDocument"].should.equal(original_policy_document) + assert policy["PolicyDocument"] == original_policy_document @mock_s3 @@ -676,13 +667,13 @@ Resources: "StackResourceSummaries" ][0] logical_resource_id = provisioned_resource["LogicalResourceId"] - logical_resource_id.should.equal("ThePolicy") + assert logical_resource_id == "ThePolicy" original_policy_document = yaml.load(template, Loader=yaml.FullLoader)["Resources"][ logical_resource_id ]["Properties"]["PolicyDocument"] policy = iam_client.get_user_policy(UserName=user_name_1, PolicyName=policy_name) - policy["PolicyDocument"].should.equal(original_policy_document) + assert policy["PolicyDocument"] == original_policy_document # Change template and user template = """ @@ -709,17 +700,16 @@ Resources: "StackResourceSummaries" ][0] logical_resource_id = provisioned_resource["LogicalResourceId"] - logical_resource_id.should.equal("ThePolicy") + assert logical_resource_id == "ThePolicy" original_policy_document = yaml.load(template, Loader=yaml.FullLoader)["Resources"][ logical_resource_id ]["Properties"]["PolicyDocument"] policy = iam_client.get_user_policy(UserName=user_name_2, PolicyName=policy_name) - policy["PolicyDocument"].should.equal(original_policy_document) + assert policy["PolicyDocument"] == original_policy_document - iam_client.get_user_policy.when.called_with( - UserName=user_name_1, PolicyName=policy_name - ).should.throw(iam_client.exceptions.NoSuchEntityException) + with pytest.raises(ClientError): + iam_client.get_user_policy(UserName=user_name_1, PolicyName=policy_name) @mock_s3 @@ -763,18 +753,17 @@ Resources: "StackResourceSummaries" ][0] logical_resource_id = provisioned_resource["LogicalResourceId"] - logical_resource_id.should.equal("ThePolicy") + assert logical_resource_id == "ThePolicy" original_policy_document = yaml.load(template, Loader=yaml.FullLoader)["Resources"][ logical_resource_id ]["Properties"]["PolicyDocument"] policy = iam_client.get_user_policy(UserName=user_name, PolicyName=policy_name) - policy["PolicyDocument"].should.equal(original_policy_document) + assert policy["PolicyDocument"] == original_policy_document cf_client.delete_stack(StackName=stack_name) - iam_client.get_user_policy.when.called_with( - UserName=user_name, PolicyName=policy_name - ).should.throw(iam_client.exceptions.NoSuchEntityException) + with pytest.raises(ClientError): + iam_client.get_user_policy(UserName=user_name, PolicyName=policy_name) @mock_s3 @@ -818,13 +807,13 @@ Resources: "StackResourceSummaries" ][0] logical_resource_id = provisioned_resource["LogicalResourceId"] - logical_resource_id.should.equal("ThePolicy") + assert logical_resource_id == "ThePolicy" original_policy_document = yaml.load(template, Loader=yaml.FullLoader)["Resources"][ logical_resource_id ]["Properties"]["PolicyDocument"] policy = iam_client.get_role_policy(RoleName=role_name, PolicyName=policy_name) - policy["PolicyDocument"].should.equal(original_policy_document) + assert policy["PolicyDocument"] == original_policy_document @mock_s3 @@ -870,13 +859,13 @@ Resources: "StackResourceSummaries" ][0] logical_resource_id = provisioned_resource["LogicalResourceId"] - logical_resource_id.should.equal("ThePolicy") + assert logical_resource_id == "ThePolicy" original_policy_document = yaml.load(template, Loader=yaml.FullLoader)["Resources"][ logical_resource_id ]["Properties"]["PolicyDocument"] policy = iam_client.get_role_policy(RoleName=role_name_1, PolicyName=policy_name) - policy["PolicyDocument"].should.equal(original_policy_document) + assert policy["PolicyDocument"] == original_policy_document # Change template and user template = """ @@ -903,17 +892,16 @@ Resources: "StackResourceSummaries" ][0] logical_resource_id = provisioned_resource["LogicalResourceId"] - logical_resource_id.should.equal("ThePolicy") + assert logical_resource_id == "ThePolicy" original_policy_document = yaml.load(template, Loader=yaml.FullLoader)["Resources"][ logical_resource_id ]["Properties"]["PolicyDocument"] policy = iam_client.get_role_policy(RoleName=role_name_2, PolicyName=policy_name) - policy["PolicyDocument"].should.equal(original_policy_document) + assert policy["PolicyDocument"] == original_policy_document - iam_client.get_role_policy.when.called_with( - RoleName=role_name_1, PolicyName=policy_name - ).should.throw(iam_client.exceptions.NoSuchEntityException) + with pytest.raises(ClientError): + iam_client.get_role_policy(RoleName=role_name_1, PolicyName=policy_name) @mock_s3 @@ -957,18 +945,18 @@ Resources: "StackResourceSummaries" ][0] logical_resource_id = provisioned_resource["LogicalResourceId"] - logical_resource_id.should.equal("ThePolicy") + assert logical_resource_id == "ThePolicy" original_policy_document = yaml.load(template, Loader=yaml.FullLoader)["Resources"][ logical_resource_id ]["Properties"]["PolicyDocument"] policy = iam_client.get_role_policy(RoleName=role_name, PolicyName=policy_name) - policy["PolicyDocument"].should.equal(original_policy_document) + assert policy["PolicyDocument"] == original_policy_document cf_client.delete_stack(StackName=stack_name) - iam_client.get_role_policy.when.called_with( - RoleName=role_name, PolicyName=policy_name - ).should.throw(iam_client.exceptions.NoSuchEntityException) + with pytest.raises(ClientError) as exc: + iam_client.get_role_policy(RoleName=role_name, PolicyName=policy_name) + assert exc.value.response["Error"]["Code"] == "NoSuchEntity" @mock_s3 @@ -1012,13 +1000,13 @@ Resources: "StackResourceSummaries" ][0] logical_resource_id = provisioned_resource["LogicalResourceId"] - logical_resource_id.should.equal("ThePolicy") + assert logical_resource_id == "ThePolicy" original_policy_document = yaml.load(template, Loader=yaml.FullLoader)["Resources"][ logical_resource_id ]["Properties"]["PolicyDocument"] policy = iam_client.get_group_policy(GroupName=group_name, PolicyName=policy_name) - policy["PolicyDocument"].should.equal(original_policy_document) + assert policy["PolicyDocument"] == original_policy_document @mock_s3 @@ -1064,13 +1052,13 @@ Resources: "StackResourceSummaries" ][0] logical_resource_id = provisioned_resource["LogicalResourceId"] - logical_resource_id.should.equal("ThePolicy") + assert logical_resource_id == "ThePolicy" original_policy_document = yaml.load(template, Loader=yaml.FullLoader)["Resources"][ logical_resource_id ]["Properties"]["PolicyDocument"] policy = iam_client.get_group_policy(GroupName=group_name_1, PolicyName=policy_name) - policy["PolicyDocument"].should.equal(original_policy_document) + assert policy["PolicyDocument"] == original_policy_document # Change template and user template = """ @@ -1097,17 +1085,17 @@ Resources: "StackResourceSummaries" ][0] logical_resource_id = provisioned_resource["LogicalResourceId"] - logical_resource_id.should.equal("ThePolicy") + assert logical_resource_id == "ThePolicy" original_policy_document = yaml.load(template, Loader=yaml.FullLoader)["Resources"][ logical_resource_id ]["Properties"]["PolicyDocument"] policy = iam_client.get_group_policy(GroupName=group_name_2, PolicyName=policy_name) - policy["PolicyDocument"].should.equal(original_policy_document) + assert policy["PolicyDocument"] == original_policy_document - iam_client.get_group_policy.when.called_with( - GroupName=group_name_1, PolicyName=policy_name - ).should.throw(iam_client.exceptions.NoSuchEntityException) + with pytest.raises(ClientError) as exc: + iam_client.get_group_policy(GroupName=group_name_1, PolicyName=policy_name) + assert exc.value.response["Error"]["Code"] == "NoSuchEntity" @mock_s3 @@ -1151,18 +1139,18 @@ Resources: "StackResourceSummaries" ][0] logical_resource_id = provisioned_resource["LogicalResourceId"] - logical_resource_id.should.equal("ThePolicy") + assert logical_resource_id == "ThePolicy" original_policy_document = yaml.load(template, Loader=yaml.FullLoader)["Resources"][ logical_resource_id ]["Properties"]["PolicyDocument"] policy = iam_client.get_group_policy(GroupName=group_name, PolicyName=policy_name) - policy["PolicyDocument"].should.equal(original_policy_document) + assert policy["PolicyDocument"] == original_policy_document cf_client.delete_stack(StackName=stack_name) - iam_client.get_group_policy.when.called_with( - GroupName=group_name, PolicyName=policy_name - ).should.throw(iam_client.exceptions.NoSuchEntityException) + with pytest.raises(ClientError) as exc: + iam_client.get_group_policy(GroupName=group_name, PolicyName=policy_name) + assert exc.value.response["Error"]["Code"] == "NoSuchEntity" # AWS::IAM::User AccessKeys @@ -1201,13 +1189,13 @@ Resources: for resource in provisioned_resources if resource["LogicalResourceId"] == "TheAccessKey" ] - len(provisioned_access_keys).should.equal(1) + assert len(provisioned_access_keys) == 1 iam_client = boto3.client("iam", region_name="us-east-1") user = iam_client.get_user(UserName=user_name)["User"] - user["UserName"].should.equal(user_name) + assert user["UserName"] == user_name access_keys = iam_client.list_access_keys(UserName=user_name) - access_keys["AccessKeyMetadata"][0]["UserName"].should.equal(user_name) + assert access_keys["AccessKeyMetadata"][0]["UserName"] == user_name @mock_sts @@ -1264,7 +1252,7 @@ Outputs: region_name="us-east-1", ) caller_identity = sts_client.get_caller_identity() - caller_identity["Arn"].split("/")[1].should.equal(user_name) + assert caller_identity["Arn"].split("/")[1] == user_name pass @@ -1303,25 +1291,26 @@ def test_iam_cloudformation_delete_users_access_key(): for resource in provisioned_resources if resource["LogicalResourceId"] == "TheAccessKey" ] - provisioned_access_keys.should.have.length_of(1) + assert len(provisioned_access_keys) == 1 access_key_id = provisioned_access_keys[0]["PhysicalResourceId"] iam_client = boto3.client("iam", region_name="us-east-1") user = iam_client.get_user(UserName=user_name)["User"] - user["UserName"].should.equal(user_name) + assert user["UserName"] == user_name access_keys = iam_client.list_access_keys(UserName=user_name) - access_keys["AccessKeyMetadata"][0]["AccessKeyId"].should.equal(access_key_id) - access_keys["AccessKeyMetadata"][0]["UserName"].should.equal(user_name) - access_key_id.should.equal(access_keys["AccessKeyMetadata"][0]["AccessKeyId"]) + assert access_keys["AccessKeyMetadata"][0]["AccessKeyId"] == access_key_id + assert access_keys["AccessKeyMetadata"][0]["UserName"] == user_name + assert access_key_id == access_keys["AccessKeyMetadata"][0]["AccessKeyId"] cf_client.delete_stack(StackName=stack_name) - iam_client.get_user.when.called_with(UserName=user_name).should.throw( - iam_client.exceptions.NoSuchEntityException - ) - iam_client.list_access_keys.when.called_with(UserName=user_name).should.throw( - iam_client.exceptions.NoSuchEntityException - ) + with pytest.raises(ClientError) as exc: + iam_client.get_user(UserName=user_name) + assert exc.value.response["Error"]["Code"] == "NoSuchEntity" + + with pytest.raises(ClientError) as exc: + iam_client.list_access_keys(UserName=user_name) + assert exc.value.response["Error"]["Code"] == "NoSuchEntity" @mock_iam @@ -1364,7 +1353,7 @@ Resources: iam_client = boto3.client("iam", region_name="us-east-1") iam_client.get_user(UserName=user_name) access_keys = iam_client.list_access_keys(UserName=user_name) - access_key_id.should.equal(access_keys["AccessKeyMetadata"][0]["AccessKeyId"]) + assert access_key_id == access_keys["AccessKeyMetadata"][0]["AccessKeyId"] template = """ Resources: @@ -1378,7 +1367,7 @@ Resources: cf_client.update_stack(StackName=stack_name, TemplateBody=template) access_keys = iam_client.list_access_keys(UserName=user_name) - access_keys["AccessKeyMetadata"][0]["Status"].should.equal("Inactive") + assert access_keys["AccessKeyMetadata"][0]["Status"] == "Inactive" @mock_iam @@ -1421,7 +1410,7 @@ Resources: iam_client = boto3.client("iam", region_name="us-east-1") iam_client.get_user(UserName=user_name) access_keys = iam_client.list_access_keys(UserName=user_name) - access_key_id.should.equal(access_keys["AccessKeyMetadata"][0]["AccessKeyId"]) + assert access_key_id == access_keys["AccessKeyMetadata"][0]["AccessKeyId"] other_user_name = "MyUser" iam_client.create_user(UserName=other_user_name) @@ -1441,10 +1430,10 @@ Resources: cf_client.update_stack(StackName=stack_name, TemplateBody=template) access_keys = iam_client.list_access_keys(UserName=user_name) - len(access_keys["AccessKeyMetadata"]).should.equal(0) + assert len(access_keys["AccessKeyMetadata"]) == 0 access_keys = iam_client.list_access_keys(UserName=other_user_name) - access_key_id.should_not.equal(access_keys["AccessKeyMetadata"][0]["AccessKeyId"]) + assert access_key_id != access_keys["AccessKeyMetadata"][0]["AccessKeyId"] @mock_iam @@ -1461,14 +1450,14 @@ def test_iam_cloudformation_create_role(): "StackResourceSummaries" ] role = [res for res in resources if res["ResourceType"] == "AWS::IAM::Role"][0] - role["LogicalResourceId"].should.equal("RootRole") + assert role["LogicalResourceId"] == "RootRole" iam_client = boto3.client("iam", region_name="us-east-1") - iam_client.list_roles()["Roles"].should.have.length_of(1) + assert len(iam_client.list_roles()["Roles"]) == 1 cf_client.delete_stack(StackName=stack_name) - iam_client.list_roles()["Roles"].should.have.length_of(0) + assert len(iam_client.list_roles()["Roles"]) == 0 @mock_iam @@ -1486,23 +1475,23 @@ def test_iam_cloudformation_create_role_and_instance_profile(): "StackResourceSummaries" ] role = [res for res in resources if res["ResourceType"] == "AWS::IAM::Role"][0] - role["LogicalResourceId"].should.equal("RootRole") - role["PhysicalResourceId"].should.equal(role_name) + assert role["LogicalResourceId"] == "RootRole" + assert role["PhysicalResourceId"] == role_name profile = [ res for res in resources if res["ResourceType"] == "AWS::IAM::InstanceProfile" ][0] - profile["LogicalResourceId"].should.equal("RootInstanceProfile") - profile["PhysicalResourceId"].should.contain( - stack_name + assert profile["LogicalResourceId"] == "RootInstanceProfile" + assert ( + stack_name in profile["PhysicalResourceId"] ) # e.g. MyStack-RootInstanceProfile-73Y4H4ALFW3N - profile["PhysicalResourceId"].should.contain("RootInstanceProfile") + assert "RootInstanceProfile" in profile["PhysicalResourceId"] iam_client = boto3.client("iam", region_name="us-east-1") - iam_client.list_roles()["Roles"].should.have.length_of(1) + assert len(iam_client.list_roles()["Roles"]) == 1 cf_client.delete_stack(StackName=stack_name) - iam_client.list_roles()["Roles"].should.have.length_of(0) + assert len(iam_client.list_roles()["Roles"]) == 0 @mock_autoscaling @@ -1611,14 +1600,14 @@ def test_iam_roles(): # Role name is not specified, so randomly generated - can't check exact name if "with-path" in role["RoleName"]: role_name_to_id["with-path"] = role["RoleId"] - role["Path"].should.equal("/my-path/") + assert role["Path"] == "/my-path/" else: role_name_to_id["no-path"] = role["RoleId"] - role["RoleName"].should.equal("my-role-no-path-name") - role["Path"].should.equal("/") + assert role["RoleName"] == "my-role-no-path-name" + assert role["Path"] == "/" instance_profile_responses = iam.list_instance_profiles()["InstanceProfiles"] - instance_profile_responses.should.have.length_of(2) + assert len(instance_profile_responses) == 2 instance_profile_names = [] for instance_profile_response in instance_profile_responses: @@ -1626,26 +1615,22 @@ def test_iam_roles(): InstanceProfileName=instance_profile_response["InstanceProfileName"] )["InstanceProfile"] instance_profile_names.append(instance_profile["InstanceProfileName"]) - instance_profile["InstanceProfileName"].should.contain("my-instance-profile") + assert "my-instance-profile" in instance_profile["InstanceProfileName"] if "with-path" in instance_profile["InstanceProfileName"]: - instance_profile["Path"].should.equal("my-path") - instance_profile["Roles"][0]["RoleId"].should.equal( - role_name_to_id["with-path"] + assert instance_profile["Path"] == "my-path" + assert ( + instance_profile["Roles"][0]["RoleId"] == role_name_to_id["with-path"] ) else: - instance_profile["InstanceProfileName"].should.contain("no-path") - instance_profile["Roles"][0]["RoleId"].should.equal( - role_name_to_id["no-path"] - ) - instance_profile["Path"].should.equal("/") + assert "no-path" in instance_profile["InstanceProfileName"] + assert instance_profile["Roles"][0]["RoleId"] == role_name_to_id["no-path"] + assert instance_profile["Path"] == "/" autoscale = boto3.client("autoscaling", region_name="us-west-1") launch_config = autoscale.describe_launch_configurations()["LaunchConfigurations"][ 0 ] - launch_config.should.have.key("IamInstanceProfile").should.contain( - "my-instance-profile-with-path" - ) + assert "my-instance-profile-with-path" in launch_config["IamInstanceProfile"] resources = cf.list_stack_resources(StackName="test_stack")[ "StackResourceSummaries" @@ -1655,8 +1640,8 @@ def test_iam_roles(): for resource in resources if resource["ResourceType"] == "AWS::IAM::InstanceProfile" ] - {ip["PhysicalResourceId"] for ip in instance_profile_resources}.should.equal( - set(instance_profile_names) + assert {ip["PhysicalResourceId"] for ip in instance_profile_resources} == set( + instance_profile_names ) role_resources = [ @@ -1664,4 +1649,4 @@ def test_iam_roles(): for resource in resources if resource["ResourceType"] == "AWS::IAM::Role" ] - {r["PhysicalResourceId"] for r in role_resources}.should.equal(set(role_names)) + assert {r["PhysicalResourceId"] for r in role_resources} == set(role_names) diff --git a/tests/test_iam/test_iam_groups.py b/tests/test_iam/test_iam_groups.py index 58976757f..4fd3b59b5 100644 --- a/tests/test_iam/test_iam_groups.py +++ b/tests/test_iam/test_iam_groups.py @@ -1,7 +1,6 @@ from datetime import datetime import boto3 -import sure # noqa # pylint: disable=unused-import import json import pytest @@ -32,28 +31,28 @@ def test_create_group(): with pytest.raises(ClientError) as ex: conn.create_group(GroupName="my-group") err = ex.value.response["Error"] - err["Code"].should.equal("Group my-group already exists") - err["Message"].should.equal(None) + assert err["Code"] == "Group my-group already exists" + assert err["Message"] is None @mock_iam def test_get_group(): conn = boto3.client("iam", region_name="us-east-1") created = conn.create_group(GroupName="my-group")["Group"] - created["Path"].should.equal("/") - created["GroupName"].should.equal("my-group") - created.should.have.key("GroupId") - created["Arn"].should.equal(f"arn:aws:iam::{ACCOUNT_ID}:group/my-group") - created["CreateDate"].should.be.a(datetime) + assert created["Path"] == "/" + assert created["GroupName"] == "my-group" + assert "GroupId" in created + assert created["Arn"] == f"arn:aws:iam::{ACCOUNT_ID}:group/my-group" + assert isinstance(created["CreateDate"], datetime) retrieved = conn.get_group(GroupName="my-group")["Group"] - retrieved.should.equal(created) + assert retrieved == created with pytest.raises(ClientError) as ex: conn.get_group(GroupName="not-group") err = ex.value.response["Error"] - err["Code"].should.equal("NoSuchEntity") - err["Message"].should.equal("Group not-group not found") + assert err["Code"] == "NoSuchEntity" + assert err["Message"] == "Group not-group not found" @mock_iam() @@ -84,7 +83,7 @@ def test_get_all_groups(): conn.create_group(GroupName="my-group1") conn.create_group(GroupName="my-group2") groups = conn.list_groups()["Groups"] - groups.should.have.length_of(2) + assert len(groups) == 2 @mock_iam @@ -93,8 +92,8 @@ def test_add_unknown_user_to_group(): with pytest.raises(ClientError) as ex: conn.add_user_to_group(GroupName="my-group", UserName="my-user") err = ex.value.response["Error"] - err["Code"].should.equal("NoSuchEntity") - err["Message"].should.equal("The user with name my-user cannot be found.") + assert err["Code"] == "NoSuchEntity" + assert err["Message"] == "The user with name my-user cannot be found." @mock_iam @@ -104,8 +103,8 @@ def test_add_user_to_unknown_group(): with pytest.raises(ClientError) as ex: conn.add_user_to_group(GroupName="my-group", UserName="my-user") err = ex.value.response["Error"] - err["Code"].should.equal("NoSuchEntity") - err["Message"].should.equal("Group my-group not found") + assert err["Code"] == "NoSuchEntity" + assert err["Message"] == "Group my-group not found" @mock_iam @@ -146,8 +145,8 @@ def test_remove_user_from_unknown_group(): with pytest.raises(ClientError) as ex: conn.remove_user_from_group(GroupName="my-group", UserName="my-user") err = ex.value.response["Error"] - err["Code"].should.equal("NoSuchEntity") - err["Message"].should.equal("Group my-group not found") + assert err["Code"] == "NoSuchEntity" + assert err["Message"] == "Group my-group not found" @mock_iam @@ -158,8 +157,8 @@ def test_remove_nonattached_user_from_group(): with pytest.raises(ClientError) as ex: conn.remove_user_from_group(GroupName="my-group", UserName="my-user") err = ex.value.response["Error"] - err["Code"].should.equal("NoSuchEntity") - err["Message"].should.equal("User my-user not in group my-group") + assert err["Code"] == "NoSuchEntity" + assert err["Message"] == "User my-user not in group my-group" @mock_iam @@ -180,12 +179,12 @@ def test_add_user_should_be_idempotent(): conn.add_user_to_group(GroupName="my-group", UserName="my-user") conn.add_user_to_group(GroupName="my-group", UserName="my-user") - conn.list_groups_for_user(UserName="my-user")["Groups"].should.have.length_of(1) + assert len(conn.list_groups_for_user(UserName="my-user")["Groups"]) == 1 # Which means that if we remove one, none should be left conn.remove_user_from_group(GroupName="my-group", UserName="my-user") - conn.list_groups_for_user(UserName="my-user")["Groups"].should.have.length_of(0) + assert len(conn.list_groups_for_user(UserName="my-user")["Groups"]) == 0 @mock_iam @@ -199,7 +198,7 @@ def test_get_groups_for_user(): conn.add_user_to_group(GroupName="my-group2", UserName="my-user") groups = conn.list_groups_for_user(UserName="my-user")["Groups"] - groups.should.have.length_of(2) + assert len(groups) == 2 @mock_iam @@ -215,24 +214,25 @@ def test_put_group_policy(): def test_attach_group_policies(): conn = boto3.client("iam", region_name="us-east-1") conn.create_group(GroupName="my-group") - conn.list_attached_group_policies(GroupName="my-group")[ - "AttachedPolicies" - ].should.be.empty - policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceforEC2Role" - conn.list_attached_group_policies(GroupName="my-group")[ - "AttachedPolicies" - ].should.be.empty - conn.attach_group_policy(GroupName="my-group", PolicyArn=policy_arn) - conn.list_attached_group_policies(GroupName="my-group")[ - "AttachedPolicies" - ].should.equal( - [{"PolicyName": "AmazonElasticMapReduceforEC2Role", "PolicyArn": policy_arn}] + assert ( + conn.list_attached_group_policies(GroupName="my-group")["AttachedPolicies"] + == [] ) + policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceforEC2Role" + assert ( + conn.list_attached_group_policies(GroupName="my-group")["AttachedPolicies"] + == [] + ) + conn.attach_group_policy(GroupName="my-group", PolicyArn=policy_arn) + assert conn.list_attached_group_policies(GroupName="my-group")[ + "AttachedPolicies" + ] == [{"PolicyName": "AmazonElasticMapReduceforEC2Role", "PolicyArn": policy_arn}] conn.detach_group_policy(GroupName="my-group", PolicyArn=policy_arn) - conn.list_attached_group_policies(GroupName="my-group")[ - "AttachedPolicies" - ].should.be.empty + assert ( + conn.list_attached_group_policies(GroupName="my-group")["AttachedPolicies"] + == [] + ) @mock_iam @@ -242,29 +242,29 @@ def test_get_group_policy(): with pytest.raises(ClientError) as ex: conn.get_group_policy(GroupName="my-group", PolicyName="my-policy") err = ex.value.response["Error"] - err["Code"].should.equal("NoSuchEntity") - err["Message"].should.equal("Policy my-policy not found") + assert err["Code"] == "NoSuchEntity" + assert err["Message"] == "Policy my-policy not found" conn.put_group_policy( GroupName="my-group", PolicyName="my-policy", PolicyDocument=MOCK_POLICY ) policy = conn.get_group_policy(GroupName="my-group", PolicyName="my-policy") - policy["GroupName"].should.equal("my-group") - policy["PolicyName"].should.equal("my-policy") - policy["PolicyDocument"].should.equal(json.loads(MOCK_POLICY)) + assert policy["GroupName"] == "my-group" + assert policy["PolicyName"] == "my-policy" + assert policy["PolicyDocument"] == json.loads(MOCK_POLICY) @mock_iam() def test_list_group_policies(): conn = boto3.client("iam", region_name="us-east-1") conn.create_group(GroupName="my-group") - conn.list_group_policies(GroupName="my-group")["PolicyNames"].should.be.empty + assert conn.list_group_policies(GroupName="my-group")["PolicyNames"] == [] conn.put_group_policy( GroupName="my-group", PolicyName="my-policy", PolicyDocument=MOCK_POLICY ) - conn.list_group_policies(GroupName="my-group")["PolicyNames"].should.equal( - ["my-policy"] - ) + assert conn.list_group_policies(GroupName="my-group")["PolicyNames"] == [ + "my-policy" + ] @mock_iam @@ -275,7 +275,7 @@ def test_delete_group(): assert groups["Groups"][0]["GroupName"] == "my-group" assert len(groups["Groups"]) == 1 conn.delete_group(GroupName="my-group") - conn.list_groups()["Groups"].should.be.empty + assert conn.list_groups()["Groups"] == [] @mock_iam @@ -283,9 +283,10 @@ def test_delete_unknown_group(): conn = boto3.client("iam", region_name="us-east-1") with pytest.raises(ClientError) as err: conn.delete_group(GroupName="unknown-group") - err.value.response["Error"]["Code"].should.equal("NoSuchEntity") - err.value.response["Error"]["Message"].should.equal( - "The group with name unknown-group cannot be found." + assert err.value.response["Error"]["Code"] == "NoSuchEntity" + assert ( + err.value.response["Error"]["Message"] + == "The group with name unknown-group cannot be found." ) @@ -300,13 +301,13 @@ def test_update_group_name(): # The old group-name should no longer exist with pytest.raises(ClientError) as exc: conn.get_group(GroupName="my-group") - exc.value.response["Error"]["Code"].should.equal("NoSuchEntity") + assert exc.value.response["Error"]["Code"] == "NoSuchEntity" result = conn.get_group(GroupName="new-group")["Group"] - result["Path"].should.equal("/") - result["GroupName"].should.equal("new-group") - result["GroupId"].should.equal(initial_group["GroupId"]) - result["Arn"].should.match(":group/new-group") + assert result["Path"] == "/" + assert result["GroupName"] == "new-group" + assert result["GroupId"] == initial_group["GroupId"] + assert ":group/new-group" in result["Arn"] @mock_iam @@ -318,7 +319,7 @@ def test_update_group_name_that_has_a_path(): # Verify the path hasn't changed new = conn.get_group(GroupName="new-group")["Group"] - new["Path"].should.equal("/path") + assert new["Path"] == "/path" @mock_iam @@ -332,7 +333,7 @@ def test_update_group_path(): # Verify the path has changed new = conn.get_group(GroupName="new-group")["Group"] - new["Path"].should.equal("/new-path") + assert new["Path"] == "/new-path" @mock_iam @@ -342,8 +343,8 @@ def test_update_group_that_does_not_exist(): with pytest.raises(ClientError) as exc: conn.update_group(GroupName="nonexisting", NewGroupName="..") err = exc.value.response["Error"] - err["Code"].should.equal("NoSuchEntity") - err["Message"].should.equal("The group with name nonexisting cannot be found.") + assert err["Code"] == "NoSuchEntity" + assert err["Message"] == "The group with name nonexisting cannot be found." @mock_iam @@ -355,5 +356,5 @@ def test_update_group_with_existing_name(): with pytest.raises(ClientError) as exc: conn.update_group(GroupName="existing1", NewGroupName="existing2") err = exc.value.response["Error"] - err["Code"].should.equal("Conflict") - err["Message"].should.equal("Group existing2 already exists") + assert err["Code"] == "Conflict" + assert err["Message"] == "Group existing2 already exists" diff --git a/tests/test_iam/test_iam_oidc.py b/tests/test_iam/test_iam_oidc.py index 9f9557afd..c1d0f2e28 100644 --- a/tests/test_iam/test_iam_oidc.py +++ b/tests/test_iam/test_iam_oidc.py @@ -1,5 +1,4 @@ import boto3 -import sure # noqa # pylint: disable=unused-import from botocore.exceptions import ClientError from moto import mock_iam @@ -17,32 +16,36 @@ def test_create_open_id_connect_provider(): ThumbprintList=[], # even it is required to provide at least one thumbprint, AWS accepts an empty list ) - response["OpenIDConnectProviderArn"].should.equal( - f"arn:aws:iam::{ACCOUNT_ID}:oidc-provider/example.com" + assert ( + response["OpenIDConnectProviderArn"] + == f"arn:aws:iam::{ACCOUNT_ID}:oidc-provider/example.com" ) response = client.create_open_id_connect_provider( Url="http://example.org", ThumbprintList=["b" * 40], ClientIDList=["b"] ) - response["OpenIDConnectProviderArn"].should.equal( - f"arn:aws:iam::{ACCOUNT_ID}:oidc-provider/example.org" + assert ( + response["OpenIDConnectProviderArn"] + == f"arn:aws:iam::{ACCOUNT_ID}:oidc-provider/example.org" ) response = client.create_open_id_connect_provider( Url="http://example.org/oidc", ThumbprintList=[] ) - response["OpenIDConnectProviderArn"].should.equal( - f"arn:aws:iam::{ACCOUNT_ID}:oidc-provider/example.org/oidc" + assert ( + response["OpenIDConnectProviderArn"] + == f"arn:aws:iam::{ACCOUNT_ID}:oidc-provider/example.org/oidc" ) response = client.create_open_id_connect_provider( Url="http://example.org/oidc-query?test=true", ThumbprintList=[] ) - response["OpenIDConnectProviderArn"].should.equal( - f"arn:aws:iam::{ACCOUNT_ID}:oidc-provider/example.org/oidc-query" + assert ( + response["OpenIDConnectProviderArn"] + == f"arn:aws:iam::{ACCOUNT_ID}:oidc-provider/example.org/oidc-query" ) @@ -57,9 +60,9 @@ def test_create_open_id_connect_provider_with_tags(): open_id_arn = response["OpenIDConnectProviderArn"] response = client.get_open_id_connect_provider(OpenIDConnectProviderArn=open_id_arn) - response.should.have.key("Tags").length_of(2) - response["Tags"].should.contain({"Key": "k1", "Value": "v1"}) - response["Tags"].should.contain({"Key": "k2", "Value": "v2"}) + assert len(response["Tags"]) == 2 + assert {"Key": "k1", "Value": "v1"} in response["Tags"] + assert {"Key": "k2", "Value": "v2"} in response["Tags"] @pytest.mark.parametrize("url", ["example.org", "example"]) @@ -69,7 +72,7 @@ def test_create_open_id_connect_provider_invalid_url(url): with pytest.raises(ClientError) as e: client.create_open_id_connect_provider(Url=url, ThumbprintList=[]) msg = e.value.response["Error"]["Message"] - msg.should.contain("Invalid Open ID Connect Provider URL") + assert "Invalid Open ID Connect Provider URL" in msg @mock_iam @@ -77,9 +80,12 @@ def test_create_open_id_connect_provider_errors(): client = boto3.client("iam", region_name="us-east-1") client.create_open_id_connect_provider(Url="https://example.com", ThumbprintList=[]) - client.create_open_id_connect_provider.when.called_with( - Url="https://example.com", ThumbprintList=[] - ).should.throw(ClientError, "Unknown") + with pytest.raises(ClientError) as exc: + client.create_open_id_connect_provider( + Url="https://example.com", ThumbprintList=[] + ) + err = exc.value.response["Error"] + assert err["Message"] == "Unknown" @mock_iam @@ -99,7 +105,7 @@ def test_create_open_id_connect_provider_too_many_entries(): ], ) msg = e.value.response["Error"]["Message"] - msg.should.contain("Thumbprint list must contain fewer than 5 entries.") + assert "Thumbprint list must contain fewer than 5 entries." in msg @mock_iam @@ -114,7 +120,7 @@ def test_create_open_id_connect_provider_quota_error(): ClientIDList=too_many_client_ids, ) msg = e.value.response["Error"]["Message"] - msg.should.contain("Cannot exceed quota for ClientIdsPerOpenIdConnectProvider: 100") + assert "Cannot exceed quota for ClientIdsPerOpenIdConnectProvider: 100" in msg @mock_iam @@ -131,15 +137,15 @@ def test_create_open_id_connect_provider_multiple_errors(): ClientIDList=[too_long_client_id], ) msg = e.value.response["Error"]["Message"] - msg.should.contain("3 validation errors detected:") - msg.should.contain('"clientIDList" failed to satisfy constraint:') - msg.should.contain("Member must have length less than or equal to 255") - msg.should.contain("Member must have length greater than or equal to 1") - msg.should.contain('"thumbprintList" failed to satisfy constraint:') - msg.should.contain("Member must have length less than or equal to 40") - msg.should.contain("Member must have length greater than or equal to 40") - msg.should.contain('"url" failed to satisfy constraint:') - msg.should.contain("Member must have length less than or equal to 255") + assert "3 validation errors detected:" in msg + assert '"clientIDList" failed to satisfy constraint:' in msg + assert "Member must have length less than or equal to 255" in msg + assert "Member must have length greater than or equal to 1" in msg + assert '"thumbprintList" failed to satisfy constraint:' in msg + assert "Member must have length less than or equal to 40" in msg + assert "Member must have length greater than or equal to 40" in msg + assert '"url" failed to satisfy constraint:' in msg + assert "Member must have length less than or equal to 255" in msg @mock_iam @@ -152,11 +158,10 @@ def test_delete_open_id_connect_provider(): client.delete_open_id_connect_provider(OpenIDConnectProviderArn=open_id_arn) - client.get_open_id_connect_provider.when.called_with( - OpenIDConnectProviderArn=open_id_arn - ).should.throw( - ClientError, f"OpenIDConnect Provider not found for arn {open_id_arn}" - ) + with pytest.raises(ClientError) as exc: + client.get_open_id_connect_provider(OpenIDConnectProviderArn=open_id_arn) + err = exc.value.response["Error"] + assert err["Message"] == f"OpenIDConnect Provider not found for arn {open_id_arn}" # deleting a non existing provider should be successful client.delete_open_id_connect_provider(OpenIDConnectProviderArn=open_id_arn) @@ -172,10 +177,10 @@ def test_get_open_id_connect_provider(): response = client.get_open_id_connect_provider(OpenIDConnectProviderArn=open_id_arn) - response["Url"].should.equal("example.com") - response["ThumbprintList"].should.equal(["b" * 40]) - response["ClientIDList"].should.equal(["b"]) - response.should.have.key("CreateDate").should.be.a(datetime) + assert response["Url"] == "example.com" + assert response["ThumbprintList"] == ["b" * 40] + assert response["ClientIDList"] == ["b"] + assert isinstance(response["CreateDate"], datetime) @mock_iam @@ -192,10 +197,10 @@ def test_update_open_id_connect_provider(): response = client.get_open_id_connect_provider(OpenIDConnectProviderArn=open_id_arn) - response["Url"].should.equal("example.com") - response["ThumbprintList"].should.have.length_of(2) - response["ThumbprintList"].should.contain("c" * 40) - response["ThumbprintList"].should.contain("d" * 40) + assert response["Url"] == "example.com" + assert len(response["ThumbprintList"]) == 2 + assert "c" * 40 in response["ThumbprintList"] + assert "d" * 40 in response["ThumbprintList"] @mock_iam @@ -207,11 +212,10 @@ def test_get_open_id_connect_provider_errors(): open_id_arn = response["OpenIDConnectProviderArn"] unknown_arn = open_id_arn + "-not-existing" - client.get_open_id_connect_provider.when.called_with( - OpenIDConnectProviderArn=unknown_arn - ).should.throw( - ClientError, f"OpenIDConnect Provider not found for arn {unknown_arn}" - ) + with pytest.raises(ClientError) as exc: + client.get_open_id_connect_provider(OpenIDConnectProviderArn=unknown_arn) + err = exc.value.response["Error"] + assert err["Message"] == f"OpenIDConnect Provider not found for arn {unknown_arn}" @mock_iam @@ -234,9 +238,11 @@ def test_list_open_id_connect_providers(): response = client.list_open_id_connect_providers() - sorted(response["OpenIDConnectProviderList"], key=lambda i: i["Arn"]).should.equal( - [{"Arn": open_id_arn_1}, {"Arn": open_id_arn_2}, {"Arn": open_id_arn_3}] - ) + assert sorted(response["OpenIDConnectProviderList"], key=lambda i: i["Arn"]) == [ + {"Arn": open_id_arn_1}, + {"Arn": open_id_arn_2}, + {"Arn": open_id_arn_3}, + ] @mock_iam @@ -252,9 +258,9 @@ def test_tag_open_id_connect_provider(): ) response = client.get_open_id_connect_provider(OpenIDConnectProviderArn=open_id_arn) - response.should.have.key("Tags").length_of(2) - response["Tags"].should.contain({"Key": "k1", "Value": "v1"}) - response["Tags"].should.contain({"Key": "k2", "Value": "v2"}) + assert len(response["Tags"]) == 2 + assert {"Key": "k1", "Value": "v1"} in response["Tags"] + assert {"Key": "k2", "Value": "v2"} in response["Tags"] @mock_iam @@ -273,8 +279,8 @@ def test_untag_open_id_connect_provider(): ) response = client.get_open_id_connect_provider(OpenIDConnectProviderArn=open_id_arn) - response.should.have.key("Tags").length_of(1) - response["Tags"].should.contain({"Key": "k1", "Value": "v1"}) + assert len(response["Tags"]) == 1 + assert {"Key": "k1", "Value": "v1"} in response["Tags"] @mock_iam @@ -290,9 +296,9 @@ def test_list_open_id_connect_provider_tags(): response = client.list_open_id_connect_provider_tags( OpenIDConnectProviderArn=open_id_arn ) - response.should.have.key("Tags").length_of(2) - response["Tags"].should.contain({"Key": "k1", "Value": "v1"}) - response["Tags"].should.contain({"Key": "k2", "Value": "v2"}) + assert len(response["Tags"]) == 2 + assert {"Key": "k1", "Value": "v1"} in response["Tags"] + assert {"Key": "k2", "Value": "v2"} in response["Tags"] @mock_iam @@ -316,14 +322,13 @@ def test_list_open_id_connect_provider_tags__paginated(): response = client.list_open_id_connect_provider_tags( OpenIDConnectProviderArn=open_id_arn ) - response.should.have.key("Tags").length_of(100) - response.should.have.key("Marker") + assert len(response["Tags"]) == 100 response = client.list_open_id_connect_provider_tags( OpenIDConnectProviderArn=open_id_arn, Marker=response["Marker"] ) - response.should.have.key("Tags").length_of(50) - response.shouldnt.have.key("Marker") + assert len(response["Tags"]) == 50 + assert "Marker" not in response @mock_iam @@ -339,17 +344,15 @@ def test_list_open_id_connect_provider_tags__maxitems(): response = client.list_open_id_connect_provider_tags( OpenIDConnectProviderArn=open_id_arn, MaxItems=4 ) - response.should.have.key("Tags").length_of(4) - response.should.have.key("Marker") + assert len(response["Tags"]) == 4 response = client.list_open_id_connect_provider_tags( OpenIDConnectProviderArn=open_id_arn, Marker=response["Marker"], MaxItems=4 ) - response.should.have.key("Tags").length_of(4) - response.should.have.key("Marker") + assert len(response["Tags"]) == 4 response = client.list_open_id_connect_provider_tags( OpenIDConnectProviderArn=open_id_arn, Marker=response["Marker"] ) - response.should.have.key("Tags").length_of(2) - response.shouldnt.have.key("Marker") + assert len(response["Tags"]) == 2 + assert "Marker" not in response diff --git a/tests/test_iam/test_iam_policies.py b/tests/test_iam/test_iam_policies.py index 4099ac783..b7ffe8984 100644 --- a/tests/test_iam/test_iam_policies.py +++ b/tests/test_iam/test_iam_policies.py @@ -1,10 +1,8 @@ -import json - import boto3 -from botocore.exceptions import ClientError +import json import pytest -import sure # noqa # pylint: disable=unused-import +from botocore.exceptions import ClientError from moto import mock_iam invalid_policy_document_test_cases = [ @@ -1621,11 +1619,10 @@ def test_create_policy_with_invalid_policy_document(invalid_policy_document): PolicyName="TestCreatePolicy", PolicyDocument=json.dumps(invalid_policy_document["document"]), ) - ex.value.response["Error"]["Code"].should.equal("MalformedPolicyDocument") - ex.value.response["ResponseMetadata"]["HTTPStatusCode"].should.equal(400) - ex.value.response["Error"]["Message"].should.equal( - invalid_policy_document["error_message"] - ) + resp = ex.value.response + assert resp["Error"]["Code"] == "MalformedPolicyDocument" + assert resp["ResponseMetadata"]["HTTPStatusCode"] == 400 + assert resp["Error"]["Message"] == invalid_policy_document["error_message"] @pytest.mark.parametrize("valid_policy_document", valid_policy_documents) diff --git a/tests/test_iam/test_iam_server_certificates.py b/tests/test_iam/test_iam_server_certificates.py index 57d2fa853..2065bdca2 100644 --- a/tests/test_iam/test_iam_server_certificates.py +++ b/tests/test_iam/test_iam_server_certificates.py @@ -1,6 +1,5 @@ import boto3 import pytest -import sure # noqa # pylint: disable=unused-import from botocore.exceptions import ClientError from datetime import datetime @@ -19,10 +18,10 @@ def test_get_all_server_certs(): PrivateKey="privatekey", ) certs = conn.list_server_certificates()["ServerCertificateMetadataList"] - certs.should.have.length_of(1) + assert len(certs) == 1 cert1 = certs[0] - cert1["ServerCertificateName"].should.equal("certname") - cert1["Arn"].should.equal(f"arn:aws:iam::{ACCOUNT_ID}:server-certificate/certname") + assert cert1["ServerCertificateName"] == "certname" + assert cert1["Arn"] == f"arn:aws:iam::{ACCOUNT_ID}:server-certificate/certname" @mock_iam @@ -32,9 +31,10 @@ def test_get_server_cert_doesnt_exist(): with pytest.raises(ClientError) as ex: conn.get_server_certificate(ServerCertificateName="NonExistant") err = ex.value.response["Error"] - err["Code"].should.equal("NoSuchEntity") - err["Message"].should.equal( - "The Server Certificate with name NonExistant cannot be found." + assert err["Code"] == "NoSuchEntity" + assert ( + err["Message"] + == "The Server Certificate with name NonExistant cannot be found." ) @@ -50,18 +50,16 @@ def test_get_server_cert(): cert = conn.get_server_certificate(ServerCertificateName="certname")[ "ServerCertificate" ] - cert["CertificateBody"].should.equal("certbody") - cert.shouldnt.have.key("CertificateChain") - cert.shouldnt.have.key("Tags") + assert cert["CertificateBody"] == "certbody" + assert "CertificateChain" not in cert + assert "Tags" not in cert metadata = cert["ServerCertificateMetadata"] - metadata["Path"].should.equal("/") - metadata["ServerCertificateName"].should.equal("certname") - metadata["Arn"].should.equal( - f"arn:aws:iam::{ACCOUNT_ID}:server-certificate/certname" - ) - metadata.should.have.key("ServerCertificateId") - metadata["UploadDate"].should.be.a(datetime) - metadata["Expiration"].should.be.a(datetime) + assert metadata["Path"] == "/" + assert metadata["ServerCertificateName"] == "certname" + assert metadata["Arn"] == f"arn:aws:iam::{ACCOUNT_ID}:server-certificate/certname" + assert "ServerCertificateId" in metadata + assert isinstance(metadata["UploadDate"], datetime) + assert isinstance(metadata["Expiration"], datetime) @mock_iam @@ -79,9 +77,9 @@ def test_delete_server_cert(): with pytest.raises(ClientError) as ex: conn.get_server_certificate(ServerCertificateName="certname") err = ex.value.response["Error"] - err["Code"].should.equal("NoSuchEntity") - err["Message"].should.equal( - "The Server Certificate with name certname cannot be found." + assert err["Code"] == "NoSuchEntity" + assert ( + err["Message"] == "The Server Certificate with name certname cannot be found." ) @@ -92,7 +90,7 @@ def test_delete_unknown_server_cert(): with pytest.raises(ClientError) as ex: conn.delete_server_certificate(ServerCertificateName="certname") err = ex.value.response["Error"] - err["Code"].should.equal("NoSuchEntity") - err["Message"].should.equal( - "The Server Certificate with name certname cannot be found." + assert err["Code"] == "NoSuchEntity" + assert ( + err["Message"] == "The Server Certificate with name certname cannot be found." ) diff --git a/tests/test_iam/test_server.py b/tests/test_iam/test_server.py index 83ee181f2..8a3ed1d6d 100644 --- a/tests/test_iam/test_server.py +++ b/tests/test_iam/test_server.py @@ -1,5 +1,4 @@ import re -import sure # noqa # pylint: disable=unused-import import moto.server as server