Beispiel #1
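def create_policy_document_from_template(user_name, variables):
    """Build the per-user S3FS policy statements from the JSON template.

    Loads ``s3fs_policy_template.json`` (a relative path, so it is resolved
    against the current working directory) and extends the ``Resource`` lists
    of its first three statements:

    * statement 0 gets the home prefix ``<s3fs_bucket_arn>/home/<user_name>/*``
    * statement 1 gets ``s3fs_kms_arn`` and the ARN returned for
      ``alias/<user_name>-home``, each only when it is not ``None``
    * statement 2 gets the bucket ARN itself

    Args:
        user_name: Name spliced into the home prefix and the KMS alias.
        variables: Mapping that provides ``"s3fs_bucket_arn"`` and
            ``"s3fs_kms_arn"``.

    Returns:
        The statement list loaded from the template, with the three
        ``Resource`` lists extended in place.

    Raises:
        ValueError: If ``user_name`` contains IAM pattern syntax or a path
            separator (``*``, ``?``, ``/`` or ``${``).
    """
    # user_name goes verbatim into a Resource ARN pattern and a KMS alias name.
    # In an IAM Resource element "*" and "?" are wildcards and "${...}" is a
    # policy variable, while "/" adds key-prefix segments; any of them would
    # scope the statement to something other than this one user's home prefix.
    # Checked before any I/O so a bad name never reaches AWS or the template.
    name_text = str(user_name)
    if any(token in name_text for token in ('*', '?', '/', '${')):
        raise ValueError(
            f'user_name {user_name!r} contains characters that are not '
            'allowed in a policy resource ARN')

    with open('s3fs_policy_template.json', 'r',
              encoding='utf-8') as statement_raw:
        statement = json.load(statement_raw)

    home_alias = f'alias/{user_name}-home'
    home_key_arn = aws_caller.get_kms_arn(home_alias)
    if home_key_arn is None:
        # Not fatal: the policy is still built, just without the home key in
        # the KMS statement.
        logger.warning(
            f'No KMS found in account for alias: "{home_alias}"')

    # The template layout is positional: index 0 = object access,
    # 1 = KMS access, 2 = bucket listing (per the local names used here).
    # Assumes every 'Resource' is a JSON array — TODO confirm against the
    # template; a missing key or a plain string would fail on append/extend.
    s3fsaccessdocument = statement[0].get('Resource')
    s3fskmsaccessdocument = statement[1].get('Resource')
    s3fslist = statement[2].get('Resource')

    s3fsaccessdocument.append(
        f'{variables["s3fs_bucket_arn"]}/home/{user_name}/*')

    # Drop None entries so an unresolved key never ends up as a null Resource.
    s3fskmsaccessdocument.extend([
        item for item in [variables["s3fs_kms_arn"], home_key_arn]
        if item is not None
    ])

    s3fslist.append(variables["s3fs_bucket_arn"])

    return statement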
Beispiel #2
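 def test_get_kms_arn_not_found_kms(self, mock_describe_key):
     """get_kms_arn returns None when describe_key raises NotFoundException.

     ``mock_describe_key`` is presumably injected by a patch decorator that
     is not part of this excerpt.
     """
     mock_describe_key.side_effect = botocore.exceptions.ClientError(
         {'Error': {
             'Code': 'NotFoundException'
         }}, 'KMS')
     # NOTE(review): only the NotFoundException code is exercised here. Other
     # error codes (e.g. AccessDeniedException) deserve their own test so a
     # permissions failure is not mistaken for "no key exists".
     # Identity comparison: None is a singleton, and "is" cannot be fooled by
     # an object with a permissive __eq__.
     assert aws_caller.get_kms_arn("/alias/test") is None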
Beispiel #3
 def test_get_kms_arn_found_kms(self, mock_describe_key):
     """get_kms_arn returns the key ARN when describe_key succeeds.

     ``mock_describe_key`` is presumably injected by a patch decorator that
     is not part of this excerpt; ``kms_found_response`` is a fixture defined
     elsewhere in the test module.
     """
     # Example ARN (AWS documentation placeholder account), not a real key.
     expected_arn = 'arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab'
     mock_describe_key.return_value = kms_found_response

     resolved_arn = aws_caller.get_kms_arn("/alias/test")

     assert resolved_arn == expected_arn