208 lines
6.4 KiB
Python
208 lines
6.4 KiB
Python
from __future__ import unicode_literals
|
|
|
|
from datetime import datetime
|
|
|
|
import boto
|
|
import boto3
|
|
import sure # noqa
|
|
|
|
import pytest
|
|
from boto.exception import BotoServerError
|
|
from botocore.exceptions import ClientError
|
|
from moto import mock_iam, mock_iam_deprecated
|
|
from moto.core import ACCOUNT_ID
|
|
|
|
MOCK_POLICY = """
|
|
{
|
|
"Version": "2012-10-17",
|
|
"Statement":
|
|
{
|
|
"Effect": "Allow",
|
|
"Action": "s3:ListBucket",
|
|
"Resource": "arn:aws:s3:::example_bucket"
|
|
}
|
|
}
|
|
"""
|
|
|
|
|
|
@mock_iam_deprecated()
|
|
def test_create_group():
|
|
conn = boto.connect_iam()
|
|
conn.create_group("my-group")
|
|
with pytest.raises(BotoServerError):
|
|
conn.create_group("my-group")
|
|
|
|
|
|
@mock_iam_deprecated()
|
|
def test_get_group():
|
|
conn = boto.connect_iam()
|
|
conn.create_group("my-group")
|
|
conn.get_group("my-group")
|
|
with pytest.raises(BotoServerError):
|
|
conn.get_group("not-group")
|
|
|
|
|
|
@mock_iam()
|
|
def test_get_group_current():
|
|
conn = boto3.client("iam", region_name="us-east-1")
|
|
conn.create_group(GroupName="my-group")
|
|
result = conn.get_group(GroupName="my-group")
|
|
|
|
assert result["Group"]["Path"] == "/"
|
|
assert result["Group"]["GroupName"] == "my-group"
|
|
assert isinstance(result["Group"]["CreateDate"], datetime)
|
|
assert result["Group"]["GroupId"]
|
|
assert result["Group"]["Arn"] == "arn:aws:iam::{}:group/my-group".format(ACCOUNT_ID)
|
|
assert not result["Users"]
|
|
|
|
# Make a group with a different path:
|
|
other_group = conn.create_group(GroupName="my-other-group", Path="some/location")
|
|
assert other_group["Group"]["Path"] == "some/location"
|
|
assert other_group["Group"][
|
|
"Arn"
|
|
] == "arn:aws:iam::{}:group/some/location/my-other-group".format(ACCOUNT_ID)
|
|
|
|
|
|
@mock_iam_deprecated()
|
|
def test_get_all_groups():
|
|
conn = boto.connect_iam()
|
|
conn.create_group("my-group1")
|
|
conn.create_group("my-group2")
|
|
groups = conn.get_all_groups()["list_groups_response"]["list_groups_result"][
|
|
"groups"
|
|
]
|
|
groups.should.have.length_of(2)
|
|
|
|
|
|
@mock_iam_deprecated()
|
|
def test_add_user_to_group():
|
|
conn = boto.connect_iam()
|
|
with pytest.raises(BotoServerError):
|
|
conn.add_user_to_group("my-group", "my-user")
|
|
conn.create_group("my-group")
|
|
with pytest.raises(BotoServerError):
|
|
conn.add_user_to_group("my-group", "my-user")
|
|
conn.create_user("my-user")
|
|
conn.add_user_to_group("my-group", "my-user")
|
|
|
|
|
|
@mock_iam_deprecated()
|
|
def test_remove_user_from_group():
|
|
conn = boto.connect_iam()
|
|
with pytest.raises(BotoServerError):
|
|
conn.remove_user_from_group("my-group", "my-user")
|
|
conn.create_group("my-group")
|
|
conn.create_user("my-user")
|
|
with pytest.raises(BotoServerError):
|
|
conn.remove_user_from_group("my-group", "my-user")
|
|
conn.add_user_to_group("my-group", "my-user")
|
|
conn.remove_user_from_group("my-group", "my-user")
|
|
|
|
|
|
@mock_iam_deprecated()
|
|
def test_get_groups_for_user():
|
|
conn = boto.connect_iam()
|
|
conn.create_group("my-group1")
|
|
conn.create_group("my-group2")
|
|
conn.create_group("other-group")
|
|
conn.create_user("my-user")
|
|
conn.add_user_to_group("my-group1", "my-user")
|
|
conn.add_user_to_group("my-group2", "my-user")
|
|
|
|
groups = conn.get_groups_for_user("my-user")["list_groups_for_user_response"][
|
|
"list_groups_for_user_result"
|
|
]["groups"]
|
|
groups.should.have.length_of(2)
|
|
|
|
|
|
@mock_iam_deprecated()
|
|
def test_put_group_policy():
|
|
conn = boto.connect_iam()
|
|
conn.create_group("my-group")
|
|
conn.put_group_policy("my-group", "my-policy", MOCK_POLICY)
|
|
|
|
|
|
@mock_iam
|
|
def test_attach_group_policies():
|
|
conn = boto3.client("iam", region_name="us-east-1")
|
|
conn.create_group(GroupName="my-group")
|
|
conn.list_attached_group_policies(GroupName="my-group")[
|
|
"AttachedPolicies"
|
|
].should.be.empty
|
|
policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceforEC2Role"
|
|
conn.list_attached_group_policies(GroupName="my-group")[
|
|
"AttachedPolicies"
|
|
].should.be.empty
|
|
conn.attach_group_policy(GroupName="my-group", PolicyArn=policy_arn)
|
|
conn.list_attached_group_policies(GroupName="my-group")[
|
|
"AttachedPolicies"
|
|
].should.equal(
|
|
[{"PolicyName": "AmazonElasticMapReduceforEC2Role", "PolicyArn": policy_arn}]
|
|
)
|
|
|
|
conn.detach_group_policy(GroupName="my-group", PolicyArn=policy_arn)
|
|
conn.list_attached_group_policies(GroupName="my-group")[
|
|
"AttachedPolicies"
|
|
].should.be.empty
|
|
|
|
|
|
@mock_iam_deprecated()
|
|
def test_get_group_policy():
|
|
conn = boto.connect_iam()
|
|
conn.create_group("my-group")
|
|
with pytest.raises(BotoServerError):
|
|
conn.get_group_policy("my-group", "my-policy")
|
|
|
|
conn.put_group_policy("my-group", "my-policy", MOCK_POLICY)
|
|
conn.get_group_policy("my-group", "my-policy")
|
|
|
|
|
|
@mock_iam_deprecated()
|
|
def test_get_all_group_policies():
|
|
conn = boto.connect_iam()
|
|
conn.create_group("my-group")
|
|
policies = conn.get_all_group_policies("my-group")["list_group_policies_response"][
|
|
"list_group_policies_result"
|
|
]["policy_names"]
|
|
assert policies == []
|
|
conn.put_group_policy("my-group", "my-policy", MOCK_POLICY)
|
|
policies = conn.get_all_group_policies("my-group")["list_group_policies_response"][
|
|
"list_group_policies_result"
|
|
]["policy_names"]
|
|
assert policies == ["my-policy"]
|
|
|
|
|
|
@mock_iam()
|
|
def test_list_group_policies():
|
|
conn = boto3.client("iam", region_name="us-east-1")
|
|
conn.create_group(GroupName="my-group")
|
|
conn.list_group_policies(GroupName="my-group")["PolicyNames"].should.be.empty
|
|
conn.put_group_policy(
|
|
GroupName="my-group", PolicyName="my-policy", PolicyDocument=MOCK_POLICY
|
|
)
|
|
conn.list_group_policies(GroupName="my-group")["PolicyNames"].should.equal(
|
|
["my-policy"]
|
|
)
|
|
|
|
|
|
@mock_iam
|
|
def test_delete_group():
|
|
conn = boto3.client("iam", region_name="us-east-1")
|
|
conn.create_group(GroupName="my-group")
|
|
groups = conn.list_groups()
|
|
assert groups["Groups"][0]["GroupName"] == "my-group"
|
|
assert len(groups["Groups"]) == 1
|
|
conn.delete_group(GroupName="my-group")
|
|
conn.list_groups()["Groups"].should.be.empty
|
|
|
|
|
|
@mock_iam
|
|
def test_delete_unknown_group():
|
|
conn = boto3.client("iam", region_name="us-east-1")
|
|
with pytest.raises(ClientError) as err:
|
|
conn.delete_group(GroupName="unknown-group")
|
|
err.value.response["Error"]["Code"].should.equal("NoSuchEntity")
|
|
err.value.response["Error"]["Message"].should.equal(
|
|
"The group with name unknown-group cannot be found."
|
|
)
|