Beispiel #1
def test_move_user_suspended_group():
    """Check that move_user_suspended_group leaves the user in SuspendedGroup only.

    A user and the 'SuspendedGroup' group are created, the helper under test
    is called on the first listed user, and the user's memberships are then
    read back through list_groups.
    """
    # NOTE(review): no IAM mock is visible in this snippet; presumably one is
    # applied by a decorator or fixture elsewhere - confirm, because without it
    # these calls would create a real IAM user and group.
    suspended_group = 'SuspendedGroup'
    user_name = '******'
    client = boto3.client('iam', region_name='us-east-1')
    client.create_user(UserName=user_name)
    client.create_group(GroupName=suspended_group)

    listed = sns_unused_credentials.list_users(client)
    sns_unused_credentials.move_user_suspended_group(client, listed[0])

    # Re-list so the membership lookup uses a freshly fetched user record.
    listed = sns_unused_credentials.list_users(client)
    memberships = sns_unused_credentials.list_groups(client, listed[0])
    assert len(memberships) == 1
    assert memberships[0]['GroupName'] == suspended_group
Beispiel #2
def test_user_date_created():
    """Check that user_date_created reports the frozen creation time in UTC."""
    client = boto3.client('iam', region_name='us-east-1')
    # The clock is frozen only around creation, so the creation timestamp is
    # deterministic while the rest of the test runs on real time.
    with freeze_time("2012-01-14"):
        client.create_user(UserName='******')
    listed = sns_unused_credentials.list_users(client)
    created_at = sns_unused_credentials.user_date_created(client, listed[0])
    expected = datetime(2012, 1, 14, 0, 0, tzinfo=tzutc())
    assert created_at == expected
Beispiel #3
def test_last_used_date_absent():
    """Check that last_used_date_absent returns nothing for a just-created key.

    The user and its access key are created at real wall-clock time and the
    key is never used; the helper is expected to return an empty list.
    """
    # NOTE(review): no IAM mock is visible in this snippet; presumably one is
    # applied elsewhere - confirm, otherwise a real access key is issued here.
    user_name = '******'
    client = boto3.client('iam', region_name='us-east-1')
    client.create_user(UserName=user_name)
    # Neither value below is read again; both calls are kept as in the original.
    _new_key = client.create_access_key(UserName=user_name)['AccessKey']
    _today = sns_unused_credentials.extract_date(datetime.today())
    listed = sns_unused_credentials.list_users(client)
    flagged = sns_unused_credentials.last_used_date_absent(client, listed)
    assert flagged == []
Beispiel #4
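def test_list_users():
    """Check that list_users returns every IAM user that was created.

    The two UserName literals were masked to the same value on this page.
    They are set here to the names the assertions expect, because creating
    the same IAM user name twice cannot produce two listed users.
    """
    conn = boto3.client('iam', region_name='us-east-1')
    expected_names = ['my-user', 'my-user1']
    for name in expected_names:
        conn.create_user(UserName=name)
    response = sns_unused_credentials.list_users(conn)
    # Check the count first so a short result fails on the assertion rather
    # than on an IndexError.
    assert len(response) == 2
    assert [user['UserName'] for user in response] == expected_names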
Beispiel #5
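def test_last_used_date_warning():
    """Check that last_used_date_warning reports a user whose key dates from 2012.

    The user and its access key are created under a frozen clock
    (2012-01-14), while ``now`` is taken from the real clock, so the key is
    years old from the helper's point of view.
    """
    iam = boto3.client('iam', region_name='us-east-1')
    # The literal was masked on this page; 'test-user' is the name the final
    # assertion expects, so the two are kept in sync through one variable.
    username = 'test-user'
    with freeze_time("2012-01-14"):
        iam.create_user(UserName=username)
        # Only the key's existence matters; the create response is not needed.
        iam.create_access_key(UserName=username)
    now = sns_unused_credentials.extract_date(datetime.today())
    users = sns_unused_credentials.list_users(iam)
    resp = sns_unused_credentials.last_used_date_warning(iam, now, users)
    assert resp == [username]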
Beispiel #6
def test_list_keys():
    """Check that list_keys returns both access keys of a user, each Active."""
    client = boto3.client('iam', region_name='us-east-1')
    client.create_user(UserName='******')
    # Two keys are issued for the same user; the responses are not kept.
    for _ in range(2):
        client.create_access_key(UserName='******')['AccessKey']
    listed = sns_unused_credentials.list_users(client)
    keys = sns_unused_credentials.list_keys(client, listed[0])
    first_status = keys[0]['Status']
    second_status = keys[1]['Status']
    assert len(keys) == 2
    assert first_status == 'Active'
    assert second_status == 'Active'
Beispiel #7
def test_deactivate_access_key():
    """Check that deactivate_access_key flips a key from active to inactive."""
    client = boto3.client('iam', region_name='us-east-1')
    client.create_user(UserName='******')
    # The key is looked up again through list_keys, so the create response
    # is not read afterwards.
    _created = client.create_access_key(UserName='******')['AccessKey']
    listed = sns_unused_credentials.list_users(client)

    keys_before = sns_unused_credentials.list_keys(client, listed[0])
    was_active = sns_unused_credentials.access_key_active(keys_before[0])
    assert was_active is True

    sns_unused_credentials.deactivate_access_key(client, keys_before[0])

    # Fetch the key metadata again: the earlier dict is a stale snapshot.
    keys_after = sns_unused_credentials.list_keys(client, listed[0])
    still_active = sns_unused_credentials.access_key_active(keys_after[0])
    assert still_active is False
Beispiel #8
def test_check_admin_user_policy():
    """Check that a user with only the 'mytest' policy is not reported as admin."""
    # NOTE(review): the same MOCK_POLICY document is attached in the
    # group-policy test under the name 'AdministratorAccess' and expected to
    # count as admin there. That suggests the check keys on the policy name -
    # confirm. A name-only check would not flag a differently named policy
    # that grants full access.
    user_name = '******'
    client = boto3.client('iam', region_name='us-east-1')
    client.create_user(UserName=user_name)
    created = client.create_policy(PolicyName='mytest',
                                   PolicyDocument=MOCK_POLICY)
    policy_arn = created['Policy']['Arn']
    client.attach_user_policy(UserName=user_name, PolicyArn=policy_arn)
    listed = sns_unused_credentials.list_users(client)
    is_admin = sns_unused_credentials.check_admin_user_policy(client, listed[0])
    assert is_admin is False
Beispiel #9
def test_check_admin_group_policy():
    """Check that a user is reported as admin through a group's attached policy.

    The user has no policy of its own; 'AdministratorAccess' is attached to
    'test-group', which the user is a member of.
    """
    # NOTE(review): the policy is created with create_policy, so it is a
    # customer-managed policy that only shares its name with the AWS managed
    # one. If the check matches on PolicyName alone (looks likely - confirm),
    # it depends on naming rather than on what the document grants.
    group_name = 'test-group'
    user_name = '******'
    client = boto3.client('iam', region_name='us-east-1')
    client.create_user(UserName=user_name)
    client.create_group(GroupName=group_name)
    created = client.create_policy(PolicyName='AdministratorAccess',
                                   PolicyDocument=MOCK_POLICY)
    client.add_user_to_group(GroupName=group_name, UserName=user_name)
    client.attach_group_policy(GroupName=group_name,
                               PolicyArn=created['Policy']['Arn'])
    listed = sns_unused_credentials.list_users(client)
    is_admin = sns_unused_credentials.check_admin_group_policy(client, listed[0])
    assert is_admin is True
Beispiel #10
def test_access_key_active():
    """Check that access_key_active follows the key's Status field.

    The key is reported active right after creation and inactive once its
    status has been set to 'Inactive' directly through the IAM client.
    """
    client = boto3.client('iam', region_name='us-east-1')
    client.create_user(UserName='******')
    new_key = client.create_access_key(UserName='******')['AccessKey']
    listed = sns_unused_credentials.list_users(client)

    keys_before = sns_unused_credentials.list_keys(client, listed[0])
    active_before = sns_unused_credentials.access_key_active(keys_before[0])
    assert active_before is True

    # Deactivate through the raw API rather than the project helper, so this
    # test depends only on access_key_active and list_keys.
    client.update_access_key(UserName='******',
                             AccessKeyId=new_key['AccessKeyId'],
                             Status='Inactive')

    keys_after = sns_unused_credentials.list_keys(client, listed[0])
    active_after = sns_unused_credentials.access_key_active(keys_after[0])
    assert active_after is False
Beispiel #11
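def test_get_curated_list():
    """Check that get_curated_list drops the users named in the exclusion list.

    The four UserName literals were masked to one value on this page. They
    are set here to the names used by ``excluded_users`` and by the
    assertions, because four creations of one name cannot yield the four
    distinct users the test needs.
    """
    conn = boto3.client('iam', region_name='us-east-1')
    for name in ('my-user', 'my-user1', 'my-user2', 'my-user3'):
        conn.create_user(UserName=name)
    excluded_users = ['my-user1', 'my-user2']
    users = sns_unused_credentials.list_users(conn)
    response = sns_unused_credentials.get_curated_list(users, excluded_users)
    # Check the count first so a short result fails on the assertion rather
    # than on an IndexError.
    assert len(response) == 2
    assert [user['UserName'] for user in response] == ['my-user', 'my-user3']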
Beispiel #12
def test_attached_user_policy():
    """Check that attached_user_policy returns the policy attached to the user."""
    user_name = '******'
    client = boto3.client('iam', region_name='us-east-1')
    client.create_user(UserName=user_name)
    created = client.create_policy(PolicyName='AdministratorAccess',
                                   PolicyDocument=MOCK_POLICY)
    client.attach_user_policy(UserName=user_name,
                              PolicyArn=created['Policy']['Arn'])
    listed = sns_unused_credentials.list_users(client)
    attached = sns_unused_credentials.attached_user_policy(client, listed[0])
    # The expected ARN carries an account id, i.e. this is a customer-managed
    # policy that shares its name with the AWS managed 'AdministratorAccess'.
    # NOTE(review): 123456789012 is presumably the mock backend's default
    # account id - confirm.
    expected = [{
        'PolicyArn': 'arn:aws:iam::123456789012:policy/AdministratorAccess',
        'PolicyName': 'AdministratorAccess',
    }]
    assert attached == expected
Beispiel #13
def test_users_excluded_check():
    """Check that users_excluded_check returns only the policy-holding user.

    Three users are created under a frozen 2012 clock; only ``username`` gets
    the 'AdministratorAccess' policy attached, and it is the only name the
    helper is expected to return.
    """
    # NOTE(review): all three UserName literals are masked to the same value
    # on this page. The original test presumably used three distinct names;
    # they cannot be recovered from what is shown here.
    username = '******'
    now = sns_unused_credentials.extract_date(datetime.today())
    client = boto3.client('iam', region_name='us-east-1')
    with freeze_time("2012-01-14"):
        client.create_user(UserName=username)
        client.create_user(UserName='******')
        client.create_user(UserName='******')
    created = client.create_policy(PolicyName='AdministratorAccess',
                                   PolicyDocument=MOCK_POLICY)
    client.attach_user_policy(UserName=username,
                              PolicyArn=created['Policy']['Arn'])
    listed = sns_unused_credentials.list_users(client)
    excluded = sns_unused_credentials.users_excluded_check(client, now, listed)
    assert len(excluded) == 1
    assert excluded == [username]