def test_generate_with_force_include(self):
standards = ["PCI"]
include = ["yolo"]
exclude = []
results = generate_allowlist_scp(standards, include=include, exclude=exclude)
# print(json.dumps(results, indent=4))
not_actions = results.get("Statement").get("NotAction")
self.assertTrue("yolo:*" in not_actions)
def test_generate_with_force_exclude(self):
standards = ["PCI"]
include = []
exclude = ["iam"]
results = generate_allowlist_scp(standards, include=include, exclude=exclude)
# print(json.dumps(results, indent=4))
not_actions = results.get("Statement").get("NotAction")
# Even though we would never remove IAM from an SCP,
# this is a good way to demonstrate how services can be forcibly removed from the SCP
self.assertTrue("iam:*" not in not_actions)
