def __init__(self, **kwargs):
if not self.trusted_service(kwargs["ServicePrincipal"]):
raise InvalidInputException(
"You specified an unrecognized service principal.")
self.service_principal = kwargs["ServicePrincipal"]
self.date_enabled = datetime.datetime.utcnow()
def detach_policy(self, **kwargs):
policy = self.get_policy_by_id(kwargs["PolicyId"])
root_id_regex = utils.ROOT_ID_REGEX
ou_id_regex = utils.OU_ID_REGEX
account_id_regex = utils.ACCOUNT_ID_REGEX
target_id = kwargs["TargetId"]
if re.match(root_id_regex, target_id) or re.match(
ou_id_regex, target_id):
ou = next((ou for ou in self.ou if ou.id == target_id), None)
if ou is not None:
if policy in ou.attached_policies:
ou.attached_policies.remove(policy)
policy.attachments.remove(ou)
else:
raise RESTError(
"OrganizationalUnitNotFoundException",
"You specified an organizational unit that doesn't exist.",
)
elif re.match(account_id_regex, target_id):
account = next(
(account
for account in self.accounts if account.id == target_id),
None,
)
if account is not None:
if policy in account.attached_policies:
account.attached_policies.remove(policy)
policy.attachments.remove(account)
else:
raise AccountNotFoundException
else:
raise InvalidInputException("You specified an invalid value.")
def attach_policy(self, **kwargs):
policy = self.get_policy_by_id(kwargs["PolicyId"])
if re.compile(utils.ROOT_ID_REGEX).match(
kwargs["TargetId"]) or re.compile(utils.OU_ID_REGEX).match(
kwargs["TargetId"]):
ou = next((ou for ou in self.ou if ou.id == kwargs["TargetId"]),
None)
if ou is not None:
if policy not in ou.attached_policies:
ou.attached_policies.append(policy)
policy.attachments.append(ou)
else:
raise RESTError(
"OrganizationalUnitNotFoundException",
"You specified an organizational unit that doesn't exist.",
)
elif re.compile(utils.ACCOUNT_ID_REGEX).match(kwargs["TargetId"]):
account = next(
(a for a in self.accounts if a.id == kwargs["TargetId"]), None)
if account is not None:
if policy not in account.attached_policies:
account.attached_policies.append(policy)
policy.attachments.append(account)
else:
raise AccountNotFoundException
else:
raise InvalidInputException("You specified an invalid value.")
def remove_service_principal(self, service_principal):
if service_principal not in self.services:
raise InvalidInputException(
"You specified an unrecognized service principal."
)
self.services.pop(service_principal)
def remove_policy_type(self, policy_type):
if not FakePolicy.supported_policy_type(policy_type):
raise InvalidInputException("You specified an invalid value.")
if all(type["Type"] != policy_type for type in self.policy_types):
raise PolicyTypeNotEnabledException
self.policy_types.remove({"Type": policy_type, "Status": "ENABLED"})
def add_policy_type(self, policy_type):
if policy_type not in self.SUPPORTED_POLICY_TYPES:
raise InvalidInputException("You specified an invalid value.")
if any(type["Type"] == policy_type for type in self.policy_types):
raise PolicyTypeAlreadyEnabledException
self.policy_types.append({"Type": policy_type, "Status": "ENABLED"})
def tag_resource(self, **kwargs):
account = next((a for a in self.accounts if a.id == kwargs["ResourceId"]), None)
if account is None:
raise InvalidInputException(
"You provided a value that does not match the required pattern."
)
new_tags = {tag["Key"]: tag["Value"] for tag in kwargs["Tags"]}
account.tags.update(new_tags)
def list_tags_for_resource(self, **kwargs):
account = next((a for a in self.accounts if a.id == kwargs["ResourceId"]), None)
if account is None:
raise InvalidInputException(
"You provided a value that does not match the required pattern."
)
tags = [{"Key": key, "Value": value} for key, value in account.tags.items()]
return dict(Tags=tags)
def untag_resource(self, **kwargs):
account = next((a for a in self.accounts if a.id == kwargs["ResourceId"]), None)
if account is None:
raise InvalidInputException(
"You provided a value that does not match the required pattern."
)
for key in kwargs["TagKeys"]:
account.tags.pop(key, None)
def describe_policy(self, **kwargs):
if re.compile(utils.POLICY_ID_REGEX).match(kwargs["PolicyId"]):
policy = next(
(p for p in self.policies if p.id == kwargs["PolicyId"]), None)
if policy is None:
raise RESTError(
"PolicyNotFoundException",
"You specified a policy that doesn't exist.",
)
else:
raise InvalidInputException("You specified an invalid value.")
return policy.describe()
def list_children(self, **kwargs):
parent_id = self.validate_parent_id(kwargs["ParentId"])
if kwargs["ChildType"] == "ACCOUNT":
obj_list = self.accounts
elif kwargs["ChildType"] == "ORGANIZATIONAL_UNIT":
obj_list = self.ou
else:
raise InvalidInputException("You specified an invalid value.")
return dict(Children=[{
"Id": obj.id,
"Type": kwargs["ChildType"]
} for obj in obj_list if obj.parent_id == parent_id])
def add_service_principal(self, service_principal):
if service_principal in self.services:
raise AccountAlreadyRegisteredException
if not self.supported_service(service_principal):
raise InvalidInputException(
"You specified an unrecognized service principal.")
self.services[service_principal] = {
"ServicePrincipal": service_principal,
"DelegationEnabledDate": unix_time(datetime.datetime.utcnow()),
}
def disable_aws_service_access(self, **kwargs):
if not FakeServiceAccess.trusted_service(kwargs["ServicePrincipal"]):
raise InvalidInputException(
"You specified an unrecognized service principal.")
service_principal = next(
(service for service in self.services
if service["ServicePrincipal"] == kwargs["ServicePrincipal"]),
None,
)
if service_principal:
self.services.remove(service_principal)
def list_delegated_administrators(self, **kwargs):
admins = self.admins
service = kwargs.get("ServicePrincipal")
if service:
if not FakeDelegatedAdministrator.supported_service(service):
raise InvalidInputException(
"You specified an unrecognized service principal.")
admins = [admin for admin in admins if service in admin.services]
delegated_admins = [admin.describe() for admin in admins]
return dict(DelegatedAdministrators=delegated_admins)
def list_policies_for_target(self, **kwargs):
_filter = kwargs["Filter"]
if re.match(utils.ROOT_ID_REGEX, kwargs["TargetId"]):
obj = next((ou for ou in self.ou if ou.id == kwargs["TargetId"]),
None)
if obj is None:
raise TargetNotFoundException
elif re.compile(utils.OU_ID_REGEX).match(kwargs["TargetId"]):
obj = next((ou for ou in self.ou if ou.id == kwargs["TargetId"]),
None)
if obj is None:
raise RESTError(
"OrganizationalUnitNotFoundException",
"You specified an organizational unit that doesn't exist.",
)
elif re.compile(utils.ACCOUNT_ID_REGEX).match(kwargs["TargetId"]):
obj = next(
(a for a in self.accounts if a.id == kwargs["TargetId"]), None)
if obj is None:
raise AccountNotFoundException
else:
raise InvalidInputException("You specified an invalid value.")
if not FakePolicy.supported_policy_type(_filter):
raise InvalidInputException("You specified an invalid value.")
if _filter not in [
"AISERVICES_OPT_OUT_POLICY", "SERVICE_CONTROL_POLICY"
]:
raise NotImplementedError(
"The {0} policy type has not been implemented".format(_filter))
return dict(Policies=[
p.describe()["Policy"]["PolicySummary"]
for p in obj.attached_policies if p.type == _filter
])
def list_targets_for_policy(self, **kwargs):
if re.compile(utils.POLICY_ID_REGEX).match(kwargs["PolicyId"]):
policy = next(
(p for p in self.policies if p.id == kwargs["PolicyId"]), None
)
if policy is None:
raise RESTError(
"PolicyNotFoundException",
"You specified a policy that doesn't exist.",
)
else:
raise InvalidInputException("You specified an invalid value.")
objects = [
{"TargetId": obj.id, "Arn": obj.arn, "Name": obj.name, "Type": obj.type}
for obj in policy.attachments
]
return dict(Targets=objects)
def _get_resource_for_tagging(self, resource_id):
if utils.fullmatch(
re.compile(utils.OU_ID_REGEX), resource_id
) or utils.fullmatch(utils.ROOT_ID_REGEX, resource_id):
resource = next((a for a in self.ou if a.id == resource_id), None)
elif utils.fullmatch(re.compile(utils.ACCOUNT_ID_REGEX), resource_id):
resource = next((a for a in self.accounts if a.id == resource_id), None)
elif utils.fullmatch(re.compile(utils.POLICY_ID_REGEX), resource_id):
resource = next((a for a in self.policies if a.id == resource_id), None)
else:
raise InvalidInputException(
"You provided a value that does not match the required pattern."
)
if resource is None:
raise TargetNotFoundException
return resource
def __init__(self, organization, **kwargs):
self.content = kwargs.get("Content")
self.description = kwargs.get("Description")
self.name = kwargs.get("Name")
self.type = kwargs.get("Type")
self.id = utils.make_random_policy_id()
self.aws_managed = False
self.organization_id = organization.id
self.master_account_id = organization.master_account_id
self.attachments = []
if not FakePolicy.supported_policy_type(self.type):
raise InvalidInputException("You specified an invalid value.")
elif self.type == "AISERVICES_OPT_OUT_POLICY":
self._arn_format = utils.AI_POLICY_ARN_FORMAT
elif self.type == "SERVICE_CONTROL_POLICY":
self._arn_format = utils.SCP_ARN_FORMAT
else:
raise NotImplementedError(
"The {0} policy type has not been implemented".format(
self.type))