def test_convert_must_raise_if_template_name_not_found(
self, template_from_dict_mock, is_valid_templates_dict):
policy_templates_dict = {"Templates": {"key1": "value1"}}
parameter_values = {"a": "b"}
processor = PolicyTemplatesProcessor(policy_templates_dict)
with self.assertRaises(TemplateNotFoundException):
processor.convert("key2", parameter_values)
def test_get_method_must_return_none_for_unknown_template_names(
self, template_from_dict_mock, is_valid_templates_dict):
policy_templates_dict = {"Templates": {"key1": "value1"}}
template_obj = "some value"
template_from_dict_mock.return_value = template_obj
processor = PolicyTemplatesProcessor(policy_templates_dict)
self.assertEquals(processor.get("key2"), None)
def make_policy_template_for_function_plugin():
"""
Constructs an instance of policy templates processing plugin using default policy templates JSON data
:return plugins.policies.policy_templates_plugin.PolicyTemplatesForFunctionPlugin: Instance of the plugin
"""
policy_templates = PolicyTemplatesProcessor.get_default_policy_templates_json()
processor = PolicyTemplatesProcessor(policy_templates)
return PolicyTemplatesForFunctionPlugin(processor)
def test_has_method_must_work_for_not_known_template_names(self, template_from_dict_mock, is_valid_templates_dict):
policy_templates_dict = {
"Templates": {
"key1": "value1",
"key2": "value2"
}
}
processor = PolicyTemplatesProcessor(policy_templates_dict)
self.assertFalse(processor.has("someotherkey"))
def test_is_valid_templates_dict_must_bubble_unhandled_exceptions(self, read_schema_mock, jsonschema_validate_mock):
policy_templates_dict = {
"key": "value"
}
schema = "some schema"
exception_msg = "exception"
read_schema_mock.return_value = schema
jsonschema_validate_mock.side_effect = TypeError(exception_msg)
with self.assertRaises(TypeError):
PolicyTemplatesProcessor._is_valid_templates_dict(policy_templates_dict)
def test_get_method_must_return_none_for_unknown_template_names(self, template_from_dict_mock, is_valid_templates_dict):
policy_templates_dict = {
"Templates": {
"key1": "value1"
}
}
template_obj = "some value"
template_from_dict_mock.return_value = template_obj
processor = PolicyTemplatesProcessor(policy_templates_dict)
self.assertEquals(processor.get("key2"), None)
def test_schema(self, case):
failure_case = case.startswith("fail")
template = getattr(TestTemplates, case)
if failure_case:
with self.assertRaises(ValueError):
PolicyTemplatesProcessor._is_valid_templates_dict(template)
else:
# Success case
self.assertTrue(PolicyTemplatesProcessor._is_valid_templates_dict(template))
def test_convert_must_bubble_exceptions(self, template_from_dict_mock,
is_valid_templates_dict):
policy_templates_dict = {"Templates": {"key1": "value1"}}
parameter_values = {"a": "b"}
template_obj_mock = Mock()
template_from_dict_mock.return_value = template_obj_mock
template_obj_mock.to_statement.side_effect = TypeError
processor = PolicyTemplatesProcessor(policy_templates_dict)
with self.assertRaises(TypeError):
processor.convert("key1", parameter_values)
def test_convert_must_raise_if_template_name_not_found(self, template_from_dict_mock, is_valid_templates_dict):
policy_templates_dict = {
"Templates": {
"key1": "value1"
}
}
parameter_values = {
"a": "b"
}
processor = PolicyTemplatesProcessor(policy_templates_dict)
with self.assertRaises(TemplateNotFoundException):
processor.convert("key2", parameter_values)
def test_init_must_raise_on_invalid_template(self,
is_valid_templates_dict_mock):
policy_templates_dict = {"Templates": {}}
is_valid_templates_dict_mock.side_effect = ValueError()
with self.assertRaises(ValueError):
PolicyTemplatesProcessor(policy_templates_dict)
def test_get_default_policy_template_json_must_work(self, _read_file_mock):
expected = "something"
_read_file_mock.return_value = expected
result = PolicyTemplatesProcessor.get_default_policy_templates_json()
self.assertEquals(result, expected)
_read_file_mock.assert_called_once_with(PolicyTemplatesProcessor.DEFAULT_POLICY_TEMPLATES_FILE)
def test_is_valid_templates_dict_must_raise_for_invalid_input(self, read_schema_mock, jsonschema_validate_mock):
policy_templates_dict = {
"key": "value"
}
schema = "some schema"
exception_msg = "exception"
read_schema_mock.return_value = schema
jsonschema_validate_mock.side_effect = ValidationError(exception_msg)
with self.assertRaises(ValueError) as cm:
PolicyTemplatesProcessor._is_valid_templates_dict(policy_templates_dict)
ex = cm.exception
self.assertEquals(str(ex), exception_msg)
def test_read_schema_must_use_default_schema_location(self, _read_file_mock):
expected = "something"
_read_file_mock.return_value = expected
result = PolicyTemplatesProcessor._read_schema()
self.assertEquals(result, expected)
_read_file_mock.assert_called_once_with(PolicyTemplatesProcessor.SCHEMA_LOCATION)
def test_convert_must_work_for_known_template_names(
self, template_from_dict_mock, is_valid_templates_dict):
policy_templates_dict = {"Templates": {"key1": "value1"}}
parameter_values = {"a": "b"}
template_obj_mock = Mock()
template_from_dict_mock.return_value = template_obj_mock
expected = {"stmt": "result"}
template_obj_mock.to_statement.return_value = expected
processor = PolicyTemplatesProcessor(policy_templates_dict)
result = processor.convert("key1", parameter_values)
self.assertEquals(result, expected)
template_obj_mock.to_statement.assert_called_once_with(
parameter_values)
def test_init_must_validate_against_default_schema(self, is_valid_templates_dict_mock):
policy_templates_dict = {
"Templates": {}
}
is_valid_templates_dict_mock.return_value = True
PolicyTemplatesProcessor(policy_templates_dict)
is_valid_templates_dict_mock.assert_called_once_with(policy_templates_dict, None)
def make_policy_template_for_function_plugin():
"""
Constructs an instance of policy templates processing plugin using default policy templates JSON data
:return plugins.policies.policy_templates_plugin.PolicyTemplatesForFunctionPlugin: Instance of the plugin
"""
policy_templates = PolicyTemplatesProcessor.get_default_policy_templates_json()
processor = PolicyTemplatesProcessor(policy_templates)
return PolicyTemplatesForFunctionPlugin(processor)
def test_init_must_validate_against_input_schema(self, is_valid_templates_dict_mock):
policy_templates_dict = {
"Templates": {}
}
schema = "something"
is_valid_templates_dict_mock.return_value = True
PolicyTemplatesProcessor(policy_templates_dict, schema)
is_valid_templates_dict_mock.assert_called_once_with(policy_templates_dict, schema)
def test_convert_must_bubble_exceptions(self, template_from_dict_mock, is_valid_templates_dict):
policy_templates_dict = {
"Templates": {
"key1": "value1"
}
}
parameter_values = {
"a": "b"
}
template_obj_mock = Mock()
template_from_dict_mock.return_value = template_obj_mock
template_obj_mock.to_statement.side_effect = TypeError
processor = PolicyTemplatesProcessor(policy_templates_dict)
with self.assertRaises(TypeError):
processor.convert("key1", parameter_values)
def test_convert_must_work_for_known_template_names(self, template_from_dict_mock, is_valid_templates_dict):
policy_templates_dict = {
"Templates": {
"key1": "value1"
}
}
parameter_values = {
"a": "b"
}
template_obj_mock = Mock()
template_from_dict_mock.return_value = template_obj_mock
expected = {"stmt": "result"}
template_obj_mock.to_statement.return_value = expected
processor = PolicyTemplatesProcessor(policy_templates_dict)
result = processor.convert("key1", parameter_values)
self.assertEquals(result, expected)
template_obj_mock.to_statement.assert_called_once_with(parameter_values)
def test_is_valid_templates_dict_must_use_input_schema(self, read_schema_mock, jsonschema_validate_mock):
policy_templates_dict = {
"key": "value"
}
schema = "some schema"
jsonschema_validate_mock.return_value = True
result = PolicyTemplatesProcessor._is_valid_templates_dict(policy_templates_dict, schema)
self.assertTrue(result)
jsonschema_validate_mock.assert_called_once_with(policy_templates_dict, schema)
read_schema_mock.assert_not_called() # must not read schema if one is given
def test_read_json_must_read_from_file(self, json_loads_mock):
filepath = "some file"
json_return = "something"
json_loads_mock.return_value = json_return
open_mock = mock_open()
with patch("samtranslator.policy_template_processor.processor.open", open_mock):
result = PolicyTemplatesProcessor._read_json(filepath)
self.assertEquals(result, json_return)
open_mock.assert_called_once_with(filepath, "r")
self.assertEquals(1, json_loads_mock.call_count)
def test_is_valid_templates_dict_must_use_default_schema(self, read_schema_mock, jsonschema_validate_mock):
policy_templates_dict = {
"key": "value"
}
schema = "some schema"
read_schema_mock.return_value = schema
jsonschema_validate_mock.return_value = True
result = PolicyTemplatesProcessor._is_valid_templates_dict(policy_templates_dict)
self.assertTrue(result)
jsonschema_validate_mock.assert_called_once_with(policy_templates_dict, schema)
read_schema_mock.assert_called_once_with()
def test_init_must_convert_template_value_dict_to_object(self, template_from_dict_mock, is_valid_templates_dict_mock):
policy_templates_dict = {
"Templates": {
"key1": "value1",
"key2": "value2"
}
}
is_valid_templates_dict_mock.return_value = True
template_from_dict_mock.return_value = "Something"
processor = PolicyTemplatesProcessor(policy_templates_dict)
self.assertEquals(2, len(processor.policy_templates))
self.assertEquals(set(["key1", "key2"]), set(processor.policy_templates.keys()))
# Template.from_dict must be called only once for each template entry
self.assertEquals(2, template_from_dict_mock.call_count)
template_from_dict_mock.assert_any_call("key1", "value1")
template_from_dict_mock.assert_any_call("key2", "value2")
"""Shim for calling SAM translator"""
#pylint: disable = line-too-long,import-error
import argparse
from ast import literal_eval
from typing import Dict
import sys
import yaml
from samtranslator.policy_template_processor.processor import PolicyTemplatesProcessor
import samtranslator.policy_template_processor.exceptions as translator_errors
# This is the set of policy templates that Amazon provides for serverless apps:
# https://github.com/aws/serverless-application-model/blob/develop/samtranslator/policy_templates_data/policy_templates.json
# Lucky for us, the class has a utility method to load and validate the JSON document.
aws_templates = PolicyTemplatesProcessor.get_default_policy_templates_json()
ptp = PolicyTemplatesProcessor(aws_templates)
def get_policy(policy_name : str, parameters: Dict[str, any]) -> Dict[str, any]:
"""
Get a completed IAM policy statement from the named policy ready for inclusion in a CloudFormation template.
Args:
policy_name (str): The SAM policy template name
parameters (Dict[str, any]): The policy arguments
Returns:
Dict[str, any]: An IAM policy statement.
Raises:
InsufficientParameterValues: If the parameter values do not have values for all required parameters
TemplateNotFoundException: If the policy_name is not present in the set of SAM policy templates
