Implementing IAM policy versions

Adding definitions for create, list, and delete policy_versions
2017-05-15 14:56:28 -07:00 · 2017-05-15 14:56:28 -07:00 · e307dc38e6
commit e307dc38e6
parent df84675ae6
2 changed files with 85 additions and 0 deletions
--- a/moto/iam/models.py
+++ b/moto/iam/models.py
@ -43,6 +43,7 @@ class Policy(BaseModel):
        self.id = random_policy_id()
        self.path = path or '/'
        self.default_version_id = default_version_id or 'v1'
+        self.versions = []

        self.create_datetime = datetime.now(pytz.utc)
        self.update_datetime = datetime.now(pytz.utc)
@ -52,6 +53,20 @@ class Policy(BaseModel):
        return 'arn:aws:iam::aws:policy{0}{1}'.format(self.path, self.name)


+class Version(object):
+
+    def __init__(self,
+                 policy_arn,
+                 document,
+                 is_default_version=False):
+        self.policy_arn = policy_arn
+        self.document = document or {}
+        self.is_default_version = is_default_version
+        self.version_id = 'v1'
+
+        self.create_datetime = datetime.now(pytz.utc)
+
+
 class ManagedPolicy(Policy):
    """Managed policy."""

@ -536,6 +551,15 @@ class IAMBackend(BaseBackend):

        return policies, marker

+    def get_policy(self, policy_name):
+        policy = self.managed_policies[policy_name]
+        if not policy:
+            raise IAMNotFoundException("Policy {0} not found".format(policy_name))
+        return policy
+
+    def get_policies(self):
+        return self.managed_policies.values()
+
    def create_role(self, role_name, assume_role_policy_document, path):
        role_id = random_resource_id()
        role = Role(role_id, role_name, assume_role_policy_document, path)
@ -568,6 +592,24 @@ class IAMBackend(BaseBackend):
        role = self.get_role(role_name)
        return role.policies.keys()

+    def create_policy_version(self, policy_arn, policy_document, set_as_default):
+        policy_name = policy_arn.split(':')[-1]
+        policy_name = policy_name.split('/')[1]
+        policy = self.get_policy(policy_name)
+        version = Version(policy_arn, policy_document, set_as_default)
+        policy.versions.append(version)
+        if set_as_default:
+            policy.default_version_id = version.version_id
+
+    def delete_policy_version(self, policy_arn, version_id):
+        policy_name = policy_arn.split(':')[-1]
+        policy_name = policy_name.split('/')[1]
+        policy = self.get_policy(policy_name)
+        for i, v in enumerate(policy.versions):
+            if v.version_id == version_id:
+                del policy.versions[i]
+                return
+
    def create_instance_profile(self, name, path, role_ids):
        instance_profile_id = random_resource_id()

--- a/moto/iam/responses.py
+++ b/moto/iam/responses.py
@ -93,6 +93,30 @@ class IamResponse(BaseResponse):
        template = self.response_template(GENERIC_EMPTY_TEMPLATE)
        return template.render(name="UpdateAssumeRolePolicyResponse")

+    def create_policy_version(self):
+        policy_arn = self._get_param('PolicyArn')
+        policy_document = self._get_param('PolicyDocument')
+        set_as_default = self._get_param('SetAsDefault')
+        policy_version = iam_backend.create_policy_version(policy_arn, policy_document, set_as_default)
+
+        template = self.response_template(LIST_POLICY_VERSIONS_TEMPLATE)
+        return template.render(policy_versions=[policy_version])
+
+    def list_policy_versions(self):
+        policy_arn = self._get_param('PolicyArn')
+        policy_versions = iam_backend.list_policy_versions(policy_arn)
+
+        template = self.response_template(LIST_POLICY_VERSIONS_TEMPLATE)
+        return template.render(policy_versions=policy_versions)
+
+    def delete_policy_version(self):
+        policy_arn = self._get_param('PolicyArn')
+        version_id = self._get_param('VersionId')
+
+        iam_backend.delete_policy_version(policy_arn, version_id)
+        template = self.response_template(GENERIC_EMPTY_TEMPLATE)
+        return template.render(name='DeletePolicyVersion')
+
    def create_instance_profile(self):
        profile_name = self._get_param('InstanceProfileName')
        path = self._get_param('Path')
@ -600,6 +624,25 @@ LIST_ROLE_POLICIES = """<ListRolePoliciesResponse xmlns="https://iam.amazonaws.c
 </ResponseMetadata>
 </ListRolePoliciesResponse>"""

+LIST_POLICY_VERSIONS_TEMPLATE = """<ListPolicyVersionsResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
+  <ListPolicyVersionsResult>
+    <IsTruncated>false</IsTruncated>
+    <Versions>
+      {% for version in policy_versions %}
+      <member>
+        <Document>{{ version.document }}</Document>
+        <VersionId>{{ version.version_id }}</VersionId>
+        <IsDefaultVersion>{{ version.is_default_version }}</IsDefaultVersion>
+        <CreateDate>2012-05-09T15:45:35Z</CreateDate>
+      </member>
+      {% endfor %}
+    </Versions>
+  </ListPolicyVersionsResult>
+  <ResponseMetadata>
+    <RequestId>20f7279f-99ee-11e1-a4c3-27EXAMPLE804</RequestId>
+  </ResponseMetadata>
+</ListPolicyVersionsResponse>"""
+
 LIST_INSTANCE_PROFILES_TEMPLATE = """<ListInstanceProfilesResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
  <ListInstanceProfilesResult>
    <IsTruncated>false</IsTruncated>