def test_get_dependent_actions_several(self):
    """Check dependency expansion for a fixture holding several actions.

    The comparison is an exact, ordered list match, so an action that is
    added to or dropped from the expansion fails the test. Every action
    returned here ends up granted in a generated policy, which is why the
    full set is pinned rather than spot-checked.

    NOTE(review): ``dependent_actions_several`` and ``db_session`` are
    defined outside this listing; which of the expected entries are the
    supplied ones and which are dependencies cannot be told from here.
    """
    expected_actions = [
        "chime:getcdrbucket",
        "s3:getbucketacl",
        "s3:getbucketlocation",
        "s3:getbucketlogging",
        "s3:getbucketversioning",
        "s3:getbucketwebsite",
    ]
    resolved_actions = get_dependent_actions(db_session, dependent_actions_several)
    self.assertEqual(resolved_actions, expected_actions)
def test_print_policy_with_actions_having_dependencies(self):
    """Render a policy from actions that carry dependencies and pin the result.

    The pipeline under test is: expand the supplied actions with
    ``get_dependent_actions``, group them with ``ArnActionGroup``, then
    render with ``print_policy``. The expected document is compared as a
    whole dict, so an extra statement, action or resource fails the test.

    The expected output has two statements: ``kms:creategrant`` scoped to a
    KMS key ARN, and ``kms:createcustomkeystore`` together with
    ``cloudhsm:describeclusters`` under ``Resource: "*"``.

    NOTE(review): ``cloudhsm:describeclusters`` is presumably the dependency
    pulled in for ``kms:createcustomkeystore``; confirm against
    ``actions_test_data_1``, which is defined outside this listing.
    """
    expected_policy = {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "KmsPermissionsmanagementKey",
                "Effect": "Allow",
                "Action": [
                    "kms:creategrant"
                ],
                "Resource": [
                    "arn:aws:kms:${Region}:${Account}:key/${KeyId}"
                ]
            },
            {
                "Sid": "MultMultNone",
                "Effect": "Allow",
                "Action": [
                    "kms:createcustomkeystore",
                    "cloudhsm:describeclusters"
                ],
                "Resource": [
                    "*"
                ]
            }
        ]
    }

    # Expand first, so the grouping step sees the dependencies as well.
    expanded_actions = get_dependent_actions(db_session, actions_test_data_1)
    actions_by_arn = ArnActionGroup().process_list_of_actions(expanded_actions, db_session)

    # Lift unittest's diff size limit so a mismatch prints the whole policy.
    self.maxDiff = None
    rendered_policy = print_policy(actions_by_arn, db_session)
    self.assertDictEqual(rendered_policy, expected_policy)
def write_policy_with_actions(cfg, db_session, minimize_statement=False):
    """
    Build an IAM policy from a config that lists actions per role.

    The action lists of all roles found in ``cfg`` are merged into one list,
    passed through ``get_dependent_actions``, grouped by ``ArnActionGroup``
    and rendered by ``print_policy``.

    Least-privilege note: the supplied actions go through
    ``get_dependent_actions`` before the policy is built, so the result can
    grant actions that ``cfg`` never listed. Review the generated policy for
    those additions before attaching it.

    :param cfg: configuration handed to ``Roles.process_actions_config``
    :param db_session: database session forwarded to the lookup, grouping
        and rendering steps
    :param minimize_statement: forwarded unchanged to ``print_policy``
    :return: the policy produced by ``print_policy``
    """
    role_collection = Roles()
    role_collection.process_actions_config(cfg)

    requested_actions = []
    for role_entry in role_collection.get_roles():
        # NOTE(review): index 3 is presumably the role's action list; confirm
        # against Roles. A copy is merged, as in the original implementation.
        requested_actions += role_entry[3].copy()

    expanded_actions = get_dependent_actions(db_session, requested_actions)
    actions_by_arn = ArnActionGroup().process_list_of_actions(expanded_actions, db_session)
    return print_policy(actions_by_arn, db_session, minimize_statement)
def test_get_dependent_actions_double(self):
    """Check dependency expansion for the ``dependent_actions_double`` fixture.

    The expected list is matched exactly and in order. It includes
    ``s3:putbucketpolicy``, a write to a bucket policy, so the test also
    documents that this permission is part of the expansion.

    NOTE(review): the fixture is defined outside this listing; presumably it
    holds ``shield:associatedrtlogbucket`` and the two S3 actions are its
    dependencies. Confirm against the fixture.
    """
    expected_actions = [
        "shield:associatedrtlogbucket",
        "s3:getbucketpolicy",
        "s3:putbucketpolicy",
    ]
    resolved_actions = get_dependent_actions(db_session, dependent_actions_double)
    self.assertEqual(resolved_actions, expected_actions)
def test_get_dependent_actions_single(self):
    """Check dependency expansion for the ``dependent_actions_single`` fixture.

    The expected list is matched exactly and in order. It includes
    ``iam:passrole``, a privilege-sensitive action, so its presence in the
    expansion is asserted explicitly and not left implicit.

    NOTE(review): the fixture is defined outside this listing; presumably it
    holds ``ec2:associateiaminstanceprofile`` and ``iam:passrole`` is the
    dependency. Confirm against the fixture.
    """
    expected_actions = ["ec2:associateiaminstanceprofile", "iam:passrole"]
    resolved_actions = get_dependent_actions(db_session, dependent_actions_single)
    self.assertEqual(resolved_actions, expected_actions)