From f0b22fcd2f775ac11c2b48965927dd492d0b50f6 Mon Sep 17 00:00:00 2001 From: Chris Murton Date: Tue, 22 Oct 2019 15:28:59 +0100 Subject: [PATCH] Fix absent role deletion, Add more delete_user tests, add no conflict deletion testing --- tests/test_iam/test_iam.py | 45 +++++++++++++++++++++++++++++++------- 1 file changed, 37 insertions(+), 8 deletions(-) diff --git a/tests/test_iam/test_iam.py b/tests/test_iam/test_iam.py index eb69852a8..e46c7dd6a 100644 --- a/tests/test_iam/test_iam.py +++ b/tests/test_iam/test_iam.py @@ -235,12 +235,13 @@ def test_delete_role(): with assert_raises(conn.exceptions.DeleteConflictException): conn.delete_role(RoleName="my-role") conn.delete_role_policy(RoleName="my-role", PolicyName="my-role-policy") + conn.delete_role(RoleName="my-role") with assert_raises(conn.exceptions.NoSuchEntityException): conn.get_role(RoleName="my-role") # Test deletion failure with attachment to an instance profile conn.create_role(RoleName="my-role", AssumeRolePolicyDocument="some policy", Path="/my-path/") - conn.create_instance_profile("my-profile", path="my-path") + conn.create_instance_profile(InstanceProfileName="my-profile") conn.add_role_to_instance_profile(InstanceProfileName="my-profile", RoleName="my-role") with assert_raises(conn.exceptions.DeleteConflictException): conn.delete_role(RoleName="my-role") @@ -249,6 +250,12 @@ def test_delete_role(): with assert_raises(conn.exceptions.NoSuchEntityException): conn.get_role(RoleName="my-role") + # Test deletion with no conflicts + conn.create_role(RoleName="my-role", AssumeRolePolicyDocument="some policy", Path="/my-path/") + conn.delete_role(RoleName="my-role") + with assert_raises(conn.exceptions.NoSuchEntityException): + conn.get_role(RoleName="my-role") + @mock_iam_deprecated() def test_list_instance_profiles(): @@ -758,18 +765,40 @@ def test_delete_user_deprecated(): @mock_iam() def test_delete_user(): conn = boto3.client('iam', region_name='us-east-1') - with assert_raises(ClientError): + with assert_raises(conn.exceptions.NoSuchEntityException): conn.delete_user(UserName='my-user') - conn.create_user(UserName='my-user') - [user['UserName'] for user in conn.list_users()['Users']].should.equal(['my-user']) - conn.put_user_policy(UserName='my-user', PolicyName='my-user-policy', PolicyDocument=MOCK_POLICY) - with assert_raises(ClientError): + # Test deletion failure with a managed policy + conn.create_user(UserName='my-user') + response = conn.create_policy(PolicyName="my-managed-policy", PolicyDocument=MOCK_POLICY) + conn.attach_user_policy(PolicyArn=response['Policy']['Arn'], UserName="my-user") + with assert_raises(conn.exceptions.DeleteConflictException): + conn.delete_user(UserName='my-user') + conn.detach_user_policy(PolicyArn=response['Policy']['Arn'], UserName="my-user") + conn.delete_policy(PolicyArn=response['Policy']['Arn']) + conn.delete_user(UserName='my-user') + with assert_raises(conn.exceptions.NoSuchEntityException): + conn.get_user(UserName='my-user') + + # Test deletion failure with an inline policy + conn.create_user(UserName='my-user') + conn.put_user_policy( + UserName='my-user', + PolicyName='my-user-policy', + PolicyDocument=MOCK_POLICY + ) + with assert_raises(conn.exceptions.DeleteConflictException): conn.delete_user(UserName='my-user') conn.delete_user_policy(UserName='my-user', PolicyName='my-user-policy') - conn.delete_user(UserName='my-user') - assert conn.list_users()['Users'].should.be.empty + with assert_raises(conn.exceptions.NoSuchEntityException): + conn.get_user(UserName='my-user') + + # Test deletion with no conflicts + conn.create_user(UserName='my-user') + conn.delete_user(UserName='my-user') + with assert_raises(conn.exceptions.NoSuchEntityException): + conn.get_user(UserName='my-user') @mock_iam_deprecated()