IOT: check if policy name already taken (#5352)

2022-08-02 19:45:46 +02:00 · 2022-08-02 19:45:46 +02:00 · e5f8ef2f9a
commit e5f8ef2f9a
parent e09d35701f
3 changed files with 29 additions and 0 deletions
--- a/AUTHORS.md
+++ b/AUTHORS.md
@ -62,3 +62,4 @@ Moto is written by Steve Pulec with contributions from:
 * [Ariel Beck](https://github.com/arielb135)
 * [Roman Rader](https://github.com/rrader/)
 * [Bryan Chen](https://github.com/bchen1116)
+* [Jonas Bulik](https://github.com/MrGreenTea)
--- a/moto/iot/models.py
+++ b/moto/iot/models.py
@ -992,6 +992,13 @@ class IoTBackend(BaseBackend):
        cert.status = new_status

    def create_policy(self, policy_name, policy_document):
+        if policy_name in self.policies:
+            current_policy = self.policies[policy_name]
+            raise ResourceAlreadyExistsException(
+                f"Policy cannot be created - name already exists (name={policy_name})",
+                current_policy.name,
+                current_policy.arn,
+            )
        policy = FakePolicy(policy_name, policy_document, self.region_name)
        self.policies[policy.name] = policy
        return policy
--- a/tests/test_iot/test_iot_policies.py
+++ b/tests/test_iot/test_iot_policies.py
@ -414,3 +414,24 @@ def test_list_targets_for_policy_resource_not_found(iot_client):

    e.value.response["Error"]["Code"].should.equal("ResourceNotFoundException")
    e.value.response["Error"]["Message"].should.contain("Policy not found")
+
+
+def test_create_policy_fails_when_name_taken(iot_client, policy):
+    policy_name = policy["policyName"]
+
+    with pytest.raises(ClientError) as e:
+        iot_client.create_policy(
+            policyName=policy_name,
+            policyDocument='{"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}',
+        )
+
+    current_policy = iot_client.get_policy(policyName=policy_name)
+    e.value.response["Error"]["Code"].should.equal("ResourceAlreadyExistsException")
+    e.value.response["Error"]["Message"].should.equal(
+        f"Policy cannot be created - name already exists (name={policy_name})"
+    )
+
+    # the policy should not have been overwritten
+    current_policy.should.have.key("policyDocument").which.should.equal(
+        policy["policyDocument"]
+    )