def test_sqs_policies(self):
policies = load_data('iam/sqs-policies.json')
for p, expected in zip(
policies,
[False, True, True, False, False, False, False, False]):
violations = check_cross_account(p, set(['221800032964']))
self.assertEqual(bool(violations), expected)
def test_sqs_policies(self):
policies = load_data('iam/sqs-policies.json')
for p, expected in zip(
policies, [False, True, True, False,
False, False, False, False]):
violations = check_cross_account(p, set(['221800032964']))
self.assertEqual(bool(violations), expected)
def test_not_principal_allowed(self):
policy = {
'Id': 'Foo',
"Version": "2012-10-17",
'Statement': [
{'Action': 'SQS:ReceiveMessage',
'Effect': 'Deny',
'Principal': '*'},
{'Action': 'SQS:SendMessage',
'Effect': 'Allow',
'NotPrincipal': '90120'}]}
self.assertTrue(
bool(check_cross_account(policy, set(['221800032964']))))
def test_not_principal_allowed(self):
policy = {
'Id': 'Foo',
"Version": "2012-10-17",
'Statement': [
{'Action': 'SQS:ReceiveMessage',
'Effect': 'Deny',
'Principal': '*'},
{'Action': 'SQS:SendMessage',
'Effect': 'Allow',
'NotPrincipal': '90120'}]}
self.assertTrue(
bool(check_cross_account(policy, set(['221800032964']))))
