Beispiel #1
0
    def test_update_statements_cf(self):
        statements = [{
            "Effect":
            "Allow",
            "Action":
            "kms:Decrypt",
            "Resource":
            "arn:${AWS::Partition}:kms:${AWS::Region}:${AWS::AccountId}:key/my-key",
        }]

        role = Role({},
                    region="us-east-1",
                    account_id="111222333",
                    partition="aws")
        actual = role._update_statements(statements, cf_sub_func=True)
        expected = [{
            "Effect":
            "Allow",
            "Action":
            "kms:Decrypt",
            "Resource": [{
                "Fn::Sub":
                "arn:${AWS::Partition}:kms:${AWS::Region}:${AWS::AccountId}:key/my-key"
            }],
        }]

        self.assertEqual(actual, expected)
Beispiel #2
0
    def test_update_statements_cf(self):
        statements = [{
            "Effect": "Allow",
            "Action": "kms:Decrypt",
            "Resource": "arn:aws:kms:us-east-1:111222333:key/my-key",
        }]

        role = Role({})
        actual = role._update_statements(statements, is_cf=True)
        expected = [{
            "Effect": "Allow",
            "Action": "kms:Decrypt",
            "Resource": ["arn:aws:kms:us-east-1:111222333:key/my-key"],
        }]

        self.assertEqual(actual, expected)