def test_empty_iam_role(self):
    """An IAM role whose trust policy is an empty string is expected to pass.

    With no policy statements there is no principal for the check to flag,
    so the scan is expected to return PASSED rather than raise or fail.
    """
    # NOTE(review): the policy value here is a bare string, while 'name' is
    # a one-element list -- confirm this is the shape the parser produces
    # for an empty assume_role_policy.
    empty_policy = ""
    role_conf = {
        'name': ['${var.name}-default'],
        'assume_role_policy': empty_policy,
    }
    outcome = check.scan_resource_conf(conf=role_conf)
    self.assertEqual(CheckResult.PASSED, outcome)
 def test_failure_1(self):
     """A trust policy that names a bare AWS account ID must be reported.

     The statement allows sts:AssumeRole with Principal.AWS set to a
     12-digit account ID, and the scan is expected to return FAILED.
     """
     # In AWS, a bare account ID as principal is equivalent to that
     # account's root ARN: the trust is delegated to the whole account
     # instead of to one named role or user.
     trust_policy = (
         '{\n'
         '  "Version": "2012-10-17",\n'
         '  "Statement": [\n'
         '    {\n'
         '      "Action": "sts:AssumeRole",\n'
         '      "Principal": {\n'
         '        "AWS": "123123123123"\n'
         '      },\n'
         '      "Effect": "Allow",\n'
         '      "Sid": ""\n'
         '    }\n'
         '  ]\n'
         '}'
     )
     role_conf = {
         'name': ['${var.name}-default'],
         'assume_role_policy': [trust_policy],
     }
     outcome = check.scan_resource_conf(conf=role_conf)
     self.assertEqual(CheckResult.FAILED, outcome)
 def test_success(self):
     """A trust policy limited to a service principal is expected to pass.

     The statement allows sts:AssumeRole only for the
     ecs-tasks.amazonaws.com service principal; no AWS account principal
     appears, and the scan is expected to return PASSED.
     """
     trust_policy = (
         '{\n'
         '  "Version": "2012-10-17",\n'
         '  "Statement": [\n'
         '    {\n'
         '      "Action": "sts:AssumeRole",\n'
         '      "Principal": {\n'
         '        "Service": "ecs-tasks.amazonaws.com"\n'
         '      },\n'
         '      "Effect": "Allow",\n'
         '      "Sid": ""\n'
         '    }\n'
         '  ]\n'
         '}'
     )
     role_conf = {
         'name': ['${var.name}-default'],
         'assume_role_policy': [trust_policy],
     }
     outcome = check.scan_resource_conf(conf=role_conf)
     self.assertEqual(CheckResult.PASSED, outcome)