def test_get_aws_account_info__encoded_failures(self):
# Prepare
self.sts_client.get_caller_identity.side_effect = [
self._make_encoded_exception()
]
self.iam_client.get_user.side_effect = [self._make_encoded_exception()]
# Run module
with pytest.raises(SystemExit) as e:
utils_iam.get_aws_account_info(self.module)
# Check we only saw the calls we mocked out
self.assertEqual(self.module.client.call_count, 2)
self.sts_client.get_caller_identity.assert_called_once()
self.iam_client.get_user.assert_called_once()
# Check we got the values back we expected.
assert e.type == SystemExit
assert e.value.code == 1 # 1 == fail_json (we couldn't parse the AccessDenied errors)
def test_get_aws_account_info__user_success_gov(self):
# Prepare
self.sts_client.get_caller_identity.side_effect = [
self._make_botocore_exception()
]
self.iam_client.get_user.side_effect = [{
"User": {
"Path": "/",
"UserName": "******",
"UserId": "AIDA1234567890ABCDEFG",
"Arn": "arn:aws-us-gov:iam::123456789012:user/ExampleUser",
"CreateDate": "2020-09-08T14:04:32Z"
}
}]
# Run module
return_value = utils_iam.get_aws_account_info(self.module)
# Check we only saw the calls we mocked out
self.assertEqual(self.module.client.call_count, 2)
self.sts_client.get_caller_identity.assert_called_once()
self.iam_client.get_user.assert_called_once()
# Check we got the values back we expected.
self.assertEqual(return_value, (
'123456789012',
'aws-us-gov',
))
def ensure_tags(connection, module, glue_job):
changed = False
if module.params.get('tags') is None:
return False
account_id, partition = get_aws_account_info(module)
arn = 'arn:{0}:glue:{1}:{2}:job/{3}'.format(partition, module.region,
account_id,
module.params.get('name'))
try:
existing_tags = connection.get_tags(aws_retry=True,
ResourceArn=arn).get('Tags', {})
except (botocore.exceptions.ClientError,
botocore.exceptions.BotoCoreError) as e:
if module.check_mode:
existing_tags = {}
else:
module.fail_json_aws(e,
msg='Unable to get tags for Glue job %s' %
module.params.get('name'))
tags_to_add, tags_to_remove = compare_aws_tags(
existing_tags, module.params.get('tags'),
module.params.get('purge_tags'))
if tags_to_remove:
changed = True
if not module.check_mode:
try:
connection.untag_resource(aws_retry=True,
ResourceArn=arn,
TagsToRemove=tags_to_remove)
except (botocore.exceptions.ClientError,
botocore.exceptions.BotoCoreError) as e:
module.fail_json_aws(e,
msg='Unable to set tags for Glue job %s' %
module.params.get('name'))
if tags_to_add:
changed = True
if not module.check_mode:
try:
connection.tag_resource(aws_retry=True,
ResourceArn=arn,
TagsToAdd=tags_to_add)
except (botocore.exceptions.ClientError,
botocore.exceptions.BotoCoreError) as e:
module.fail_json_aws(e,
msg='Unable to set tags for Glue job %s' %
module.params.get('name'))
return changed
def test_get_aws_account_info__user_denied_gov(self):
# Prepare
self.sts_client.get_caller_identity.side_effect = [
self._make_botocore_exception()
]
self.iam_client.get_user.side_effect = [
self._make_denied_exception('aws-us-gov')
]
# Run module
return_value = utils_iam.get_aws_account_info(self.module)
# Check we only saw the calls we mocked out
self.assertEqual(self.module.client.call_count, 2)
self.sts_client.get_caller_identity.assert_called_once()
self.iam_client.get_user.assert_called_once()
# Check we got the values back we expected.
self.assertEqual(return_value, (
'123456789012',
'aws-us-gov',
))
def test_get_aws_account_info__caller_success_gov(self):
# Prepare
self.sts_client.get_caller_identity.side_effect = [{
'UserId':
'AIDA1234567890ABCDEFG',
'Account':
'123456789012',
'Arn':
'arn:aws-us-gov:iam::123456789012:user/ExampleUser'
}]
# Run module
return_value = utils_iam.get_aws_account_info(self.module)
# Check we only saw the calls we mocked out
self.module.client.assert_called_once()
self.sts_client.get_caller_identity.assert_called_once()
# Check we got the values back we expected.
self.assertEqual(return_value, (
'123456789012',
'aws-us-gov',
))