Yasuke/moto
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Some fixes to get_account_authorization_details

Browse Source
This commit is contained in:
Mike Grima 2019-02-04 13:44:01 -08:00
parent 1a36c0c377
commit dfceab9bf0
2 changed files with 71 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
moto/iam/responses.py
View File

@ -554,7 +554,8 @@ class IamResponse(BaseResponse):
policies=account_details['managed_policies'], policies=account_details['managed_policies'],
users=account_details['users'], users=account_details['users'],
groups=account_details['groups'], groups=account_details['groups'],
roles=account_details['roles'] roles=account_details['roles'],
get_groups_for_user=iam_backend.get_groups_for_user
) )
def create_saml_provider(self): def create_saml_provider(self):
@ -1499,8 +1500,19 @@ GET_ACCOUNT_AUTHORIZATION_DETAILS_TEMPLATE = """<GetAccountAuthorizationDetailsR
<UserDetailList> <UserDetailList>
{% for user in users %} {% for user in users %}
<member> <member>
<GroupList /> <GroupList>
<AttachedManagedPolicies/> {% for group in get_groups_for_user(user.name) %}
<member>{{ group.name }}</member>
{% endfor %}
</GroupList>
<AttachedManagedPolicies>
{% for policy in user.managed_policies %}
<member>
<PolicyName>{{ user.managed_policies[policy].name }}</PolicyName>
<PolicyArn>{{ policy }}</PolicyArn>
</member>
{% endfor %}
</AttachedManagedPolicies>
<UserId>{{ user.id }}</UserId> <UserId>{{ user.id }}</UserId>
<Path>{{ user.path }}</Path> <Path>{{ user.path }}</Path>
<UserName>{{ user.name }}</UserName> <UserName>{{ user.name }}</UserName>
@ -1514,25 +1526,39 @@ GET_ACCOUNT_AUTHORIZATION_DETAILS_TEMPLATE = """<GetAccountAuthorizationDetailsR
<member> <member>
<GroupId>{{ group.id }}</GroupId> <GroupId>{{ group.id }}</GroupId>
<AttachedManagedPolicies> <AttachedManagedPolicies>
{% for policy in group.managed_policies %} {% for policy_arn in group.managed_policies %}
<member> <member>
<PolicyName>{{ policy.name }}</PolicyName> <PolicyName>{{ group.managed_policies[policy_arn].name }}</PolicyName>
<PolicyArn>{{ policy.arn }}</PolicyArn> <PolicyArn>{{ policy_arn }}</PolicyArn>
</member> </member>
{% endfor %} {% endfor %}
</AttachedManagedPolicies> </AttachedManagedPolicies>
<GroupName>{{ group.name }}</GroupName> <GroupName>{{ group.name }}</GroupName>
<Path>{{ group.path }}</Path> <Path>{{ group.path }}</Path>
<Arn>{{ group.arn }}</Arn> <Arn>{{ group.arn }}</Arn>
<CreateDate>{{ group.create_date }}</CreateDate> <CreateDate>{{ group.create_date }}</CreateDate>
<GroupPolicyList/> <GroupPolicyList>
{% for policy in group.policies %}
<member>
<PolicyName>{{ policy }}</PolicyName>
<PolicyDocument>{{ group.get_policy(policy) }}</PolicyDocument>
</member>
{% endfor %}
</GroupPolicyList>
</member> </member>
{% endfor %} {% endfor %}
</GroupDetailList> </GroupDetailList>
<RoleDetailList> <RoleDetailList>
{% for role in roles %} {% for role in roles %}
<member> <member>
<RolePolicyList/> <RolePolicyList>
{% for inline_policy in role.policies %}
<member>
<PolicyName>{{ inline_policy }}</PolicyName>
<PolicyDocument>{{ role.policies[inline_policy] }}</PolicyDocument>
</member>
{% endfor %}
</RolePolicyList>
<AttachedManagedPolicies> <AttachedManagedPolicies>
{% for policy in role.managed_policies %} {% for policy in role.managed_policies %}
<member> <member>
@ -1589,19 +1615,14 @@ GET_ACCOUNT_AUTHORIZATION_DETAILS_TEMPLATE = """<GetAccountAuthorizationDetailsR
<PolicyId>{{ policy.id }}</PolicyId> <PolicyId>{{ policy.id }}</PolicyId>
<Path>{{ policy.path }}</Path> <Path>{{ policy.path }}</Path>
<PolicyVersionList> <PolicyVersionList>
{% for policy_version in policy.versions %}
<member> <member>
<Document> <Document>{{ policy_version.document }}</Document>
{"Version":"2012-10-17","Statement":{"Effect":"Allow", <IsDefaultVersion>{{ policy_version.is_default }}</IsDefaultVersion>
"Action":["iam:CreatePolicy","iam:CreatePolicyVersion", <VersionId>{{ policy_version.version_id }}</VersionId>
"iam:DeletePolicy","iam:DeletePolicyVersion","iam:GetPolicy", <CreateDate>{{ policy_version.create_datetime }}</CreateDate>
"iam:GetPolicyVersion","iam:ListPolicies",
"iam:ListPolicyVersions","iam:SetDefaultPolicyVersion"],
"Resource":"*"}}
</Document>
<IsDefaultVersion>true</IsDefaultVersion>
<VersionId>v1</VersionId>
<CreateDate>2012-05-09T16:27:11Z</CreateDate>
</member> </member>
{% endfor %}
</PolicyVersionList> </PolicyVersionList>
<Arn>{{ policy.arn }}</Arn> <Arn>{{ policy.arn }}</Arn>
<AttachmentCount>1</AttachmentCount> <AttachmentCount>1</AttachmentCount>

40
tests/test_iam/test_iam.py
View File

@ -759,6 +759,17 @@ def test_get_access_key_last_used():
@mock_iam @mock_iam
def test_get_account_authorization_details(): def test_get_account_authorization_details():
import json import json
test_policy = json.dumps({
"Version": "2012-10-17",
"Statement": [
{
"Action": "s3:ListBucket",
"Resource": "*",
"Effect": "Allow",
}
]
})
conn = boto3.client('iam', region_name='us-east-1') conn = boto3.client('iam', region_name='us-east-1')
conn.create_role(RoleName="my-role", AssumeRolePolicyDocument="some policy", Path="/my-path/") conn.create_role(RoleName="my-role", AssumeRolePolicyDocument="some policy", Path="/my-path/")
conn.create_user(Path='/', UserName='testUser') conn.create_user(Path='/', UserName='testUser')
@ -766,22 +777,22 @@ def test_get_account_authorization_details():
conn.create_policy( conn.create_policy(
PolicyName='testPolicy', PolicyName='testPolicy',
Path='/', Path='/',
PolicyDocument=json.dumps({ PolicyDocument=test_policy,
"Version": "2012-10-17",
"Statement": [
{
"Action": "s3:ListBucket",
"Resource": "*",
"Effect": "Allow",
}
]
}),
Description='Test Policy' Description='Test Policy'
) )
# Attach things to the user and group:
conn.put_user_policy(UserName='testUser', PolicyName='testPolicy', PolicyDocument=test_policy)
conn.put_group_policy(GroupName='testGroup', PolicyName='testPolicy', PolicyDocument=test_policy)
conn.attach_user_policy(UserName='testUser', PolicyArn='arn:aws:iam::123456789012:policy/testPolicy')
conn.attach_group_policy(GroupName='testGroup', PolicyArn='arn:aws:iam::123456789012:policy/testPolicy')
conn.add_user_to_group(UserName='testUser', GroupName='testGroup')
# Add things to the role:
conn.create_instance_profile(InstanceProfileName='ipn') conn.create_instance_profile(InstanceProfileName='ipn')
conn.add_role_to_instance_profile(InstanceProfileName='ipn', RoleName='my-role') conn.add_role_to_instance_profile(InstanceProfileName='ipn', RoleName='my-role')
conn.tag_role(RoleName='my-role', Tags=[ conn.tag_role(RoleName='my-role', Tags=[
{ {
'Key': 'somekey', 'Key': 'somekey',
@ -792,6 +803,7 @@ def test_get_account_authorization_details():
'Value': 'someothervalue' 'Value': 'someothervalue'
} }
]) ])
conn.put_role_policy(RoleName='my-role', PolicyName='test-policy', PolicyDocument=test_policy)
result = conn.get_account_authorization_details(Filter=['Role']) result = conn.get_account_authorization_details(Filter=['Role'])
assert len(result['RoleDetailList']) == 1 assert len(result['RoleDetailList']) == 1
@ -800,10 +812,13 @@ def test_get_account_authorization_details():
assert len(result['Policies']) == 0 assert len(result['Policies']) == 0
assert len(result['RoleDetailList'][0]['InstanceProfileList']) == 1 assert len(result['RoleDetailList'][0]['InstanceProfileList']) == 1
assert len(result['RoleDetailList'][0]['Tags']) == 2 assert len(result['RoleDetailList'][0]['Tags']) == 2
assert len(result['RoleDetailList'][0]['RolePolicyList']) == 1
result = conn.get_account_authorization_details(Filter=['User']) result = conn.get_account_authorization_details(Filter=['User'])
assert len(result['RoleDetailList']) == 0 assert len(result['RoleDetailList']) == 0
assert len(result['UserDetailList']) == 1 assert len(result['UserDetailList']) == 1
assert len(result['UserDetailList'][0]['GroupList']) == 1
assert len(result['UserDetailList'][0]['AttachedManagedPolicies']) == 1
assert len(result['GroupDetailList']) == 0 assert len(result['GroupDetailList']) == 0
assert len(result['Policies']) == 0 assert len(result['Policies']) == 0
@ -811,6 +826,8 @@ def test_get_account_authorization_details():
assert len(result['RoleDetailList']) == 0 assert len(result['RoleDetailList']) == 0
assert len(result['UserDetailList']) == 0 assert len(result['UserDetailList']) == 0
assert len(result['GroupDetailList']) == 1 assert len(result['GroupDetailList']) == 1
assert len(result['GroupDetailList'][0]['GroupPolicyList']) == 1
assert len(result['GroupDetailList'][0]['AttachedManagedPolicies']) == 1
assert len(result['Policies']) == 0 assert len(result['Policies']) == 0
result = conn.get_account_authorization_details(Filter=['LocalManagedPolicy']) result = conn.get_account_authorization_details(Filter=['LocalManagedPolicy'])
@ -818,6 +835,7 @@ def test_get_account_authorization_details():
assert len(result['UserDetailList']) == 0 assert len(result['UserDetailList']) == 0
assert len(result['GroupDetailList']) == 0 assert len(result['GroupDetailList']) == 0
assert len(result['Policies']) == 1 assert len(result['Policies']) == 1
assert len(result['Policies'][0]['PolicyVersionList']) == 1
# Check for greater than 1 since this should always be greater than one but might change. # Check for greater than 1 since this should always be greater than one but might change.
# See iam/aws_managed_policies.py # See iam/aws_managed_policies.py