def test_create_group(iam, settings):
    """Pin the policy document found at the test group's policy ARN.

    After ``aws.create_group('test', '/group/test/')`` runs, the policy at
    ``policy/group/test/test`` in the data account must have a first
    statement that allows exactly the three S3 actions listed below on
    resource ``"*"``.

    The comparison is exact list equality, so an added, removed or
    reordered action fails the test. That makes it a regression guard
    against silently widening the default permissions.
    """
    aws.create_group('test', '/group/test/')

    policy_arn = (
        f'arn:aws:iam::{settings.AWS_DATA_ACCOUNT_ID}:policy/group/test/test'
    )
    # presumably `iam` is a boto3 IAM resource fixture; confirm in conftest
    document = iam.Policy(policy_arn).default_version.document

    # NOTE(review): only Statement[0] is inspected; any further statements in
    # the document are not covered by this test.
    first_statement = document['Statement'][0]

    expected_actions = [
        "s3:ListAllMyBuckets",
        "s3:ListAccessPoints",
        "s3:GetAccountPublicAccessBlock",
    ]
    assert first_statement['Action'] == expected_actions
    # These look like account-level list/read actions, for which a wildcard
    # resource is the usual form; verify against the IAM action reference.
    assert first_statement['Resource'] == "*"
    assert first_statement['Effect'] == 'Allow'
def test_create_group(iam, settings):
    """Pin the policy document found at the test group's policy ARN.

    After ``aws.create_group('test', '/group/test/')`` runs, the policy at
    ``policy/group/test/test`` in the data account must have a first
    statement that allows exactly ``s3:GetBucketLocation`` and
    ``s3:ListAllMyBuckets`` on ``arn:aws:s3:::*``.

    Both the action list and the resource list are compared with exact
    equality, so any broadening of either one fails the test.
    """
    aws.create_group('test', '/group/test/')

    policy_arn = (
        f'arn:aws:iam::{settings.AWS_DATA_ACCOUNT_ID}:policy/group/test/test'
    )
    # presumably `iam` is a boto3 IAM resource fixture; confirm in conftest
    document = iam.Policy(policy_arn).default_version.document

    # NOTE(review): only Statement[0] is inspected; any further statements in
    # the document are not covered by this test.
    first_statement = document['Statement'][0]

    expected_actions = [
        's3:GetBucketLocation',
        's3:ListAllMyBuckets',
    ]
    expected_resources = ['arn:aws:s3:::*']

    assert first_statement['Action'] == expected_actions
    assert first_statement['Resource'] == expected_resources
    assert first_statement['Effect'] == 'Allow'
def group(iam):
    """Create the ``test`` group and return a handle to its policy.

    Calls ``aws.create_group('test', '/group/test/')`` and then returns
    ``iam.Policy`` for ``policy/group/test/test`` in the data account.

    Despite the name, the returned object is a policy handle (the ARN is a
    ``:policy/`` ARN), not an IAM group.
    """
    aws.create_group('test', '/group/test/')

    # `settings` is not a parameter here; it is resolved from the enclosing
    # module scope.
    account_id = settings.AWS_DATA_ACCOUNT_ID
    policy_arn = f'arn:aws:iam::{account_id}:policy/group/test/test'
    return iam.Policy(policy_arn)
def create(self):
    """Create the group for this object's policy via ``aws.create_group``.

    Passes ``self.policy.name`` and ``self.policy.path`` positionally, in
    that order. Nothing is returned; the result of ``aws.create_group`` is
    discarded.
    """
    # NOTE(review): name and path are forwarded as-is; any validation of
    # these values would have to happen in the caller or in aws.create_group.
    group_name = self.policy.name
    group_path = self.policy.path
    aws.create_group(group_name, group_path)