Adding account id to ManagedPolicy ARN

Nathan Mische 2018-07-13 10:41:22 -04:00
parent ba1ceee95f
commit ff80ecb56d
2 changed files with 30 additions and 17 deletions


@ -50,10 +50,6 @@ class Policy(BaseModel):
self.create_datetime = datetime.now(pytz.utc) self.create_datetime = datetime.now(pytz.utc)
self.update_datetime = datetime.now(pytz.utc) self.update_datetime = datetime.now(pytz.utc)
@property
def arn(self):
return 'arn:aws:iam::aws:policy{0}{1}'.format(self.path, self.name)
class PolicyVersion(object): class PolicyVersion(object):
@ -82,6 +78,10 @@ class ManagedPolicy(Policy):
self.attachment_count -= 1 self.attachment_count -= 1
del obj.managed_policies[self.name] del obj.managed_policies[self.name]
@property
def arn(self):
return "arn:aws:iam::{0}:policy{1}{2}".format(ACCOUNT_ID, self.path, self.name)
class AWSManagedPolicy(ManagedPolicy): class AWSManagedPolicy(ManagedPolicy):
"""AWS-managed policy.""" """AWS-managed policy."""
@ -93,6 +93,10 @@ class AWSManagedPolicy(ManagedPolicy):
path=data.get('Path'), path=data.get('Path'),
document=data.get('Document')) document=data.get('Document'))
@property
def arn(self):
return 'arn:aws:iam::aws:policy{0}{1}'.format(self.path, self.name)
# AWS defines some of its own managed policies and we periodically # AWS defines some of its own managed policies and we periodically
# import them via `make aws_managed_policies` # import them via `make aws_managed_policies`
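Review bot: The first hunk deletes `arn` from the `Policy` base class, so any `Policy` subclass other than `ManagedPolicy` and `AWSManagedPolicy` no longer has the property; whether such a subclass exists or reads `.arn` cannot be seen from these hunks and is worth checking before merge. `ACCOUNT_ID` in the new `ManagedPolicy.arn` is not defined or imported in the visible lines, so presumably it is already in scope in this module. The split deserves a docstring, because the account field is what separates a customer managed policy from an AWS managed one in ARN-based checks: `"""ARN of a customer managed policy; the account field is the mock account id, not the literal 'aws'."""` on `ManagedPolicy.arn`, with a matching one on the `AWSManagedPolicy.arn` override. The new property also uses double quotes where the surrounding code uses single quotes.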


@ -262,18 +262,27 @@ def test_update_assume_role_policy():
role.assume_role_policy_document.should.equal("my-policy") role.assume_role_policy_document.should.equal("my-policy")
@mock_iam
def test_create_policy():
conn = boto3.client('iam', region_name='us-east-1')
response = conn.create_policy(
PolicyName="TestCreatePolicy",
PolicyDocument='{"some":"policy"}')
response['Policy']['Arn'].should.equal("arn:aws:iam::123456789012:policy/TestCreatePolicy")
@mock_iam @mock_iam
def test_create_policy_versions(): def test_create_policy_versions():
conn = boto3.client('iam', region_name='us-east-1') conn = boto3.client('iam', region_name='us-east-1')
with assert_raises(ClientError): with assert_raises(ClientError):
conn.create_policy_version( conn.create_policy_version(
PolicyArn="arn:aws:iam::aws:policy/TestCreatePolicyVersion", PolicyArn="arn:aws:iam::123456789012:policy/TestCreatePolicyVersion",
PolicyDocument='{"some":"policy"}') PolicyDocument='{"some":"policy"}')
conn.create_policy( conn.create_policy(
PolicyName="TestCreatePolicyVersion", PolicyName="TestCreatePolicyVersion",
PolicyDocument='{"some":"policy"}') PolicyDocument='{"some":"policy"}')
version = conn.create_policy_version( version = conn.create_policy_version(
PolicyArn="arn:aws:iam::aws:policy/TestCreatePolicyVersion", PolicyArn="arn:aws:iam::123456789012:policy/TestCreatePolicyVersion",
PolicyDocument='{"some":"policy"}') PolicyDocument='{"some":"policy"}')
version.get('PolicyVersion').get('Document').should.equal({'some': 'policy'}) version.get('PolicyVersion').get('Document').should.equal({'some': 'policy'})
@ -285,14 +294,14 @@ def test_get_policy_version():
PolicyName="TestGetPolicyVersion", PolicyName="TestGetPolicyVersion",
PolicyDocument='{"some":"policy"}') PolicyDocument='{"some":"policy"}')
version = conn.create_policy_version( version = conn.create_policy_version(
PolicyArn="arn:aws:iam::aws:policy/TestGetPolicyVersion", PolicyArn="arn:aws:iam::123456789012:policy/TestGetPolicyVersion",
PolicyDocument='{"some":"policy"}') PolicyDocument='{"some":"policy"}')
with assert_raises(ClientError): with assert_raises(ClientError):
conn.get_policy_version( conn.get_policy_version(
PolicyArn="arn:aws:iam::aws:policy/TestGetPolicyVersion", PolicyArn="arn:aws:iam::123456789012:policy/TestGetPolicyVersion",
VersionId='v2-does-not-exist') VersionId='v2-does-not-exist')
retrieved = conn.get_policy_version( retrieved = conn.get_policy_version(
PolicyArn="arn:aws:iam::aws:policy/TestGetPolicyVersion", PolicyArn="arn:aws:iam::123456789012:policy/TestGetPolicyVersion",
VersionId=version.get('PolicyVersion').get('VersionId')) VersionId=version.get('PolicyVersion').get('VersionId'))
retrieved.get('PolicyVersion').get('Document').should.equal({'some': 'policy'}) retrieved.get('PolicyVersion').get('Document').should.equal({'some': 'policy'})
@ -302,18 +311,18 @@ def test_list_policy_versions():
conn = boto3.client('iam', region_name='us-east-1') conn = boto3.client('iam', region_name='us-east-1')
with assert_raises(ClientError): with assert_raises(ClientError):
versions = conn.list_policy_versions( versions = conn.list_policy_versions(
PolicyArn="arn:aws:iam::aws:policy/TestListPolicyVersions") PolicyArn="arn:aws:iam::123456789012:policy/TestListPolicyVersions")
conn.create_policy( conn.create_policy(
PolicyName="TestListPolicyVersions", PolicyName="TestListPolicyVersions",
PolicyDocument='{"some":"policy"}') PolicyDocument='{"some":"policy"}')
conn.create_policy_version( conn.create_policy_version(
PolicyArn="arn:aws:iam::aws:policy/TestListPolicyVersions", PolicyArn="arn:aws:iam::123456789012:policy/TestListPolicyVersions",
PolicyDocument='{"first":"policy"}') PolicyDocument='{"first":"policy"}')
conn.create_policy_version( conn.create_policy_version(
PolicyArn="arn:aws:iam::aws:policy/TestListPolicyVersions", PolicyArn="arn:aws:iam::123456789012:policy/TestListPolicyVersions",
PolicyDocument='{"second":"policy"}') PolicyDocument='{"second":"policy"}')
versions = conn.list_policy_versions( versions = conn.list_policy_versions(
PolicyArn="arn:aws:iam::aws:policy/TestListPolicyVersions") PolicyArn="arn:aws:iam::123456789012:policy/TestListPolicyVersions")
versions.get('Versions')[0].get('Document').should.equal({'first': 'policy'}) versions.get('Versions')[0].get('Document').should.equal({'first': 'policy'})
versions.get('Versions')[1].get('Document').should.equal({'second': 'policy'}) versions.get('Versions')[1].get('Document').should.equal({'second': 'policy'})
@ -325,17 +334,17 @@ def test_delete_policy_version():
PolicyName="TestDeletePolicyVersion", PolicyName="TestDeletePolicyVersion",
PolicyDocument='{"some":"policy"}') PolicyDocument='{"some":"policy"}')
conn.create_policy_version( conn.create_policy_version(
PolicyArn="arn:aws:iam::aws:policy/TestDeletePolicyVersion", PolicyArn="arn:aws:iam::123456789012:policy/TestDeletePolicyVersion",
PolicyDocument='{"first":"policy"}') PolicyDocument='{"first":"policy"}')
with assert_raises(ClientError): with assert_raises(ClientError):
conn.delete_policy_version( conn.delete_policy_version(
PolicyArn="arn:aws:iam::aws:policy/TestDeletePolicyVersion", PolicyArn="arn:aws:iam::123456789012:policy/TestDeletePolicyVersion",
VersionId='v2-nope-this-does-not-exist') VersionId='v2-nope-this-does-not-exist')
conn.delete_policy_version( conn.delete_policy_version(
PolicyArn="arn:aws:iam::aws:policy/TestDeletePolicyVersion", PolicyArn="arn:aws:iam::123456789012:policy/TestDeletePolicyVersion",
VersionId='v1') VersionId='v1')
versions = conn.list_policy_versions( versions = conn.list_policy_versions(
PolicyArn="arn:aws:iam::aws:policy/TestDeletePolicyVersion") PolicyArn="arn:aws:iam::123456789012:policy/TestDeletePolicyVersion")
len(versions.get('Versions')).should.equal(0) len(versions.get('Versions')).should.equal(0)
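Review bot: Nothing in the visible test hunks checks that an AWS managed policy still reports `arn:aws:iam::aws:policy/...`, so the `AWSManagedPolicy.arn` override added in the other file is not covered here; `test_create_policy` only pins the customer managed form. A short companion test that fetches one of the imported AWS managed policies and asserts its `Arn` starts with `arn:aws:iam::aws:policy/` would guard the distinction. The account id `123456789012` is also repeated as a literal in every `PolicyArn`; building the ARN from one module-level constant would keep the tests in step if the mock account id ever changes.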