diff --git a/moto/iam/models.py b/moto/iam/models.py
index c7142fb5d..30674a306 100644
--- a/moto/iam/models.py
+++ b/moto/iam/models.py
@@ -43,6 +43,7 @@ class Policy(BaseModel):
 self.id = random_policy_id()
 self.path = path or '/'
 self.default_version_id = default_version_id or 'v1'
+ self.versions = []
 self.create_datetime = datetime.now(pytz.utc)
 self.update_datetime = datetime.now(pytz.utc)
@@ -52,6 +53,20 @@ class Policy(BaseModel):
 return 'arn:aws:iam::aws:policy{0}{1}'.format(self.path, self.name)
+class Version(object):
+
+ def __init__(self,
+ policy_arn,
+ document,
+ is_default_version=False):
+ self.policy_arn = policy_arn
+ self.document = document or {}
+ self.is_default_version = is_default_version
+ self.version_id = 'v1'
+
+ self.create_datetime = datetime.now(pytz.utc)
+
+
 class ManagedPolicy(Policy):
 """Managed policy."""
@@ -536,6 +551,15 @@ class IAMBackend(BaseBackend):
 return policies, marker
+ def get_policy(self, policy_name):
+ policy = self.managed_policies[policy_name]
+ if not policy:
+ raise IAMNotFoundException("Policy {0} not found".format(policy_name))
+ return policy
+
+ def get_policies(self):
+ return self.managed_policies.values()
+
 def create_role(self, role_name, assume_role_policy_document, path):
 role_id = random_resource_id()
 role = Role(role_id, role_name, assume_role_policy_document, path)
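Review bot: `self.version_id = 'v1'` gives every Version the same id, so a policy holding several versions cannot address them individually, and delete_policy_version in the later models.py hunk removes whichever entry happens to come first. Take the id as a constructor argument, e.g. `version_id='v1'` in the signature with `self.version_id = version_id`, and have create_policy_version pass a per-policy counter value. A class docstring stating that `document` falls back to `{}` and that `create_datetime` is recorded in UTC would also help readers.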
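Review bot: The `if not policy` branch in get_policy cannot be reached for an unknown name, because `self.managed_policies[policy_name]` raises KeyError first (assuming managed_policies is a plain dict, which the `.values()` call in get_policies suggests). Callers therefore see an unhandled KeyError rather than IAMNotFoundException. Use `policy = self.managed_policies.get(policy_name)` so the not-found path is actually taken.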
@@ -568,6 +592,24 @@ class IAMBackend(BaseBackend):
 role = self.get_role(role_name)
 return role.policies.keys()
+ def create_policy_version(self, policy_arn, policy_document, set_as_default):
+ policy_name = policy_arn.split(':')[-1]
+ policy_name = policy_name.split('/')[1]
+ policy = self.get_policy(policy_name)
+ version = Version(policy_arn, policy_document, set_as_default)
+ policy.versions.append(version)
+ if set_as_default:
+ policy.default_version_id = version.version_id
+
+ def delete_policy_version(self, policy_arn, version_id):
+ policy_name = policy_arn.split(':')[-1]
+ policy_name = policy_name.split('/')[1]
+ policy = self.get_policy(policy_name)
+ for i, v in enumerate(policy.versions):
+ if v.version_id == version_id:
+ del policy.versions[i]
+ return
+
 def create_instance_profile(self, name, path, role_ids):
 instance_profile_id = random_resource_id()
diff --git a/moto/iam/responses.py b/moto/iam/responses.py
index 8e19b3aa7..407592f8d 100644
--- a/moto/iam/responses.py
+++ b/moto/iam/responses.py
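Review bot: delete_policy_version will remove the version that `policy.default_version_id` points at, and it returns silently when `version_id` matches nothing; real IAM rejects both requests, so tests of policy clean-up or rotation tooling can pass against this mock and fail against AWS. Compare `version_id` with `policy.default_version_id` before the loop and raise a conflict error, and raise IAMNotFoundException once the loop falls through. In both new methods `policy_name.split('/')[1]` selects the first path segment rather than the name when the policy has a non-root path, and raises IndexError when the ARN has no slash; `policy_arn.split('/')[-1]` handles the path case. create_policy_version also needs a final `return version`, since the handler in responses.py renders its return value.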
@@ -93,6 +93,30 @@ class IamResponse(BaseResponse):
 template = self.response_template(GENERIC_EMPTY_TEMPLATE)
 return template.render(name="UpdateAssumeRolePolicyResponse")
+ def create_policy_version(self):
+ policy_arn = self._get_param('PolicyArn')
+ policy_document = self._get_param('PolicyDocument')
+ set_as_default = self._get_param('SetAsDefault')
+ policy_version = iam_backend.create_policy_version(policy_arn, policy_document, set_as_default)
+
+ template = self.response_template(LIST_POLICY_VERSIONS_TEMPLATE)
+ return template.render(policy_versions=[policy_version])
+
+ def list_policy_versions(self):
+ policy_arn = self._get_param('PolicyArn')
+ policy_versions = iam_backend.list_policy_versions(policy_arn)
+
+ template = self.response_template(LIST_POLICY_VERSIONS_TEMPLATE)
+ return template.render(policy_versions=policy_versions)
+
+ def delete_policy_version(self):
+ policy_arn = self._get_param('PolicyArn')
+ version_id = self._get_param('VersionId')
+
+ iam_backend.delete_policy_version(policy_arn, version_id)
+ template = self.response_template(GENERIC_EMPTY_TEMPLATE)
+ return template.render(name='DeletePolicyVersion')
+
 def create_instance_profile(self):
 profile_name = self._get_param('InstanceProfileName')
 path = self._get_param('Path')
@@ -600,6 +624,25 @@ LIST_ROLE_POLICIES = """ + + false + + {% for version in policy_versions %} + + {{ version.document }} + {{ version.version_id }} + {{ version.is_default_version }} + 2012-05-09T15:45:35Z + + {% endfor %} + + + + 20f7279f-99ee-11e1-a4c3-27EXAMPLE804 + +""" + LIST_INSTANCE_PROFILES_TEMPLATE = """ false
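Review bot: `iam_backend.list_policy_versions(policy_arn)` has no counterpart in the models.py hunks of this commit, so unless the backend defines it elsewhere the ListPolicyVersions handler fails with AttributeError. `set_as_default` is passed on as whatever `_get_param` returns; if that is the raw request string, 'false' is truthy and every new version is marked default, so convert it explicitly, e.g. `set_as_default = self._get_param('SetAsDefault') == 'true'`. The create_policy_version handler reuses LIST_POLICY_VERSIONS_TEMPLATE, which deserves a comment or a dedicated template because the IAM CreatePolicyVersion response has a different shape from the list response.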
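Review bot: The creation date in the new template is the literal `2012-05-09T15:45:35Z` for every version even though Version records `create_datetime`; render that field so clients that sort or expire versions by date see distinct values. `{{ version.is_default_version }}` prints Python's `True`/`False` (or the raw request value), whereas IAM clients expect lowercase `true`/`false`, so normalise it in the model or the template. The element tags of this template are not visible in this view, so the exact placement is left to the author.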