Python info Examples

Example #1

File: test_arn.py Project: patricksanders/policyuniverse

    def test_from_account_number(self):
        proper_account_numbers = [
            "012345678912", "123456789101", "123456789101"
        ]

        improper_account_numbers = [
            "*",
            "O12345678912",  # 'O' instead of '0'
            "asdfqwer",
            "123456",
            "89789456314356132168978945",
            "568947897*",
        ]

        # Proper account number tests:
        for accnt in proper_account_numbers:
            logger.info("Testing Proper Account Number: {}".format(accnt))
            arn_obj = ARN(accnt)

            self.assertFalse(arn_obj.error)

        # Improper account number tests:
        for accnt in improper_account_numbers:
            logger.info("Testing IMPROPER Account Number: {}".format(accnt))
            arn_obj = ARN(accnt)

            self.assertTrue(arn_obj.error)

Example #2

File: test_organization.py Project: georgepsarakis/policyuniverse

    def test_from_org_id(self):
        # test valid organization IDs
        valid_org_ids = ["o-a1b2c3d4e5", "o-*", "*"]

        for org_id in valid_org_ids:
            logger.info("Testing valid organization ID: {}".format(org_id))
            organization_obj = Organization(org_id)

            self.assertFalse(organization_obj.error)
            self.assertEqual(org_id, organization_obj.organization)

        # test invalid organization IDs
        invalid_org_ids = [
            "o*",
            "r-*/ou-a1s2d3f4g5",
            "/o-*",
            "r-ab12",
            "ou-22222222",
        ]

        for org_id in invalid_org_ids:
            logger.info("Testing invalid organization ID: {}".format(org_id))
            organization_obj = Organization(org_id)

            self.assertTrue(organization_obj.error)

Example #3

    def test_from_account_number(self):
        proper_account_numbers = [
            '012345678912', '123456789101', '123456789101'
        ]

        improper_account_numbers = [
            '*',
            'O12345678912',  # 'O' instead of '0'
            'asdfqwer',
            '123456',
            '89789456314356132168978945',
            '568947897*'
        ]

        # Proper account number tests:
        for accnt in proper_account_numbers:
            logger.info('Testing Proper Account Number: {}'.format(accnt))
            arn_obj = ARN(accnt)

            self.assertFalse(arn_obj.error)

        # Improper account number tests:
        for accnt in improper_account_numbers:
            logger.info('Testing IMPROPER Account Number: {}'.format(accnt))
            arn_obj = ARN(accnt)

            self.assertTrue(arn_obj.error)

Example #4

File: test_arn.py Project: patricksanders/policyuniverse

    def test_from_arn(self):
        proper_arns = [
            "events.amazonaws.com",
            "cloudtrail.amazonaws.com",
            "arn:aws:iam::012345678910:root",
            "arn:aws:iam::012345678910:role/SomeTestRoleForTesting",
            "arn:aws:iam::012345678910:instance-profile/SomeTestInstanceProfileForTesting",
            "arn:aws:iam::012345678910:role/*",
            "arn:aws:iam::012345678910:role/SomeTestRole*",
            "arn:aws:s3:::some-s3-bucket",
            "arn:aws:s3:*:*:some-s3-bucket",
            "arn:aws:s3:::some-s3-bucket/some/path/within/the/bucket"
            "arn:aws:s3:::some-s3-bucket/*",
            "arn:aws:ec2:us-west-2:012345678910:instance/*",
            "arn:aws:ec2:ap-northeast-1:012345678910:security-group/*",
            "arn:aws-cn:ec2:ap-northeast-1:012345678910:security-group/*",
            "arn:aws-us-gov:ec2:gov-west-1:012345678910:instance/*",
            "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity EXXXXXXXXXXXXX",
            "arn:aws:iam::aws:policy/AlexaForBusinessDeviceSetup",
        ]

        # Proper ARN Tests:
        for arn in proper_arns:
            logger.info("Testing Proper ARN: {}".format(arn))
            arn_obj = ARN(arn)

            self.assertFalse(arn_obj.error)
            if "root" in arn:
                self.assertTrue(arn_obj.root)
            else:
                self.assertFalse(arn_obj.root)

            if ".amazonaws.com" in arn:
                self.assertTrue(arn_obj.service)
            else:
                self.assertFalse(arn_obj.service)

        bad_arns = [
            "arn:aws:iam::012345678910",
            "arn:aws:iam::012345678910:",
            "*",
            "arn:s3::::",
            "arn:arn:arn:arn:arn:arn",
        ]

        # Improper ARN Tests:
        for arn in bad_arns:
            logger.info("Testing IMPROPER ARN: {}".format(arn))
            arn_obj = ARN(arn)

            self.assertTrue(arn_obj.error)

Example #5

File: test_organization.py Project: georgepsarakis/policyuniverse

    def test_parent_and_child_validity(self):
        # https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-principalorgpaths
        # Source of test cases and explanation

        org_path = "o-a1b2c3d4e5/r-ab12/ou-ab12-11111111/ou-ab12-22222222/"
        logger.info("Testing parent:true/child:false case {}".format(org_path))
        organization_obj = Organization(org_path)
        self.assertTrue(organization_obj.valid_for_parent_ou)
        self.assertFalse(organization_obj.valid_for_child_ous)

        org_path = "o-a1b2c3d4e5/r-ab12/ou-ab12-11111111/ou-ab12-22222222/*"
        logger.info("Testing parent:true/child:true case {}".format(org_path))
        organization_obj = Organization(org_path)
        self.assertTrue(organization_obj.valid_for_parent_ou)
        self.assertTrue(organization_obj.valid_for_child_ous)

        org_path = "o-a1b2c3d4e5/r-ab12/ou-ab12-11111111/ou-ab12-22222222/ou-*"
        logger.info("Testing parent:false/child:true case {}".format(org_path))
        organization_obj = Organization(org_path)
        self.assertFalse(organization_obj.valid_for_parent_ou)
        self.assertTrue(organization_obj.valid_for_child_ous)

        # show false/false as there is neither parent nor child
        org_path = "o-a1b2c3d4e5/*"
        logger.info(
            "Testing parent:false/child:false case {}".format(org_path))
        organization_obj = Organization(org_path)
        self.assertFalse(organization_obj.valid_for_parent_ou)
        self.assertFalse(organization_obj.valid_for_child_ous)

Example #6

    def test_from_arn(self):
        proper_arns = [
            'events.amazonaws.com', 'cloudtrail.amazonaws.com',
            'arn:aws:iam::012345678910:root',
            'arn:aws:iam::012345678910:role/SomeTestRoleForTesting',
            'arn:aws:iam::012345678910:instance-profile/SomeTestInstanceProfileForTesting',
            'arn:aws:iam::012345678910:role/*',
            'arn:aws:iam::012345678910:role/SomeTestRole*',
            'arn:aws:s3:::some-s3-bucket', 'arn:aws:s3:*:*:some-s3-bucket',
            'arn:aws:s3:::some-s3-bucket/some/path/within/the/bucket'
            'arn:aws:s3:::some-s3-bucket/*',
            'arn:aws:ec2:us-west-2:012345678910:instance/*',
            'arn:aws:ec2:ap-northeast-1:012345678910:security-group/*',
            'arn:aws-cn:ec2:ap-northeast-1:012345678910:security-group/*',
            'arn:aws-us-gov:ec2:gov-west-1:012345678910:instance/*',
            'arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity EXXXXXXXXXXXXX'
        ]

        # Proper ARN Tests:
        for arn in proper_arns:
            logger.info('Testing Proper ARN: {}'.format(arn))
            arn_obj = ARN(arn)

            self.assertFalse(arn_obj.error)
            if "root" in arn:
                self.assertTrue(arn_obj.root)
            else:
                self.assertFalse(arn_obj.root)

            if ".amazonaws.com" in arn:
                self.assertTrue(arn_obj.service)
            else:
                self.assertFalse(arn_obj.service)

        bad_arns = [
            'arn:aws:iam::012345678910', 'arn:aws:iam::012345678910:', '*',
            'arn:s3::::', "arn:arn:arn:arn:arn:arn"
        ]

        # Improper ARN Tests:
        for arn in bad_arns:
            logger.info('Testing IMPROPER ARN: {}'.format(arn))
            arn_obj = ARN(arn)

            self.assertTrue(arn_obj.error)

Example #7

File: test_organization.py Project: georgepsarakis/policyuniverse

    def test_from_org_path(self):
        # test valid organization paths
        valid_org_paths = [
            "o-a1b2c3d4e5/*",
            "o-a1b2c3d4e5/*/ou-ab12-22222222",
            "o-a1b2c3d4e5/r-*/ou-*",
            "o-a1b2c3d4e5/r-ab12/ou-ab12-11111111",
            "o-a1b2c3d4e5/r-ab12/ou-ab12-11111111/ou-ab12-22222222/",
            "o-a1b2c3d4e5/r-ab12/ou-ab12-11111111/ou-ab12-22222222/*",
            "o-a1b2c3d4e5/r-ab12/ou-ab12-11111111/ou-ab12-22222222/ou-*",
            "o-a1b2c3d4e5/r-ab12/ou-ab12-11111111/ou-ab12-22222222/ou-ab12-33333333/ou-*",
            "*/*",
            "*/*/*",
        ]

        for org_path in valid_org_paths:
            logger.info("Testing valid organization path: {}".format(org_path))
            organization_obj = Organization(org_path)

            self.assertFalse(organization_obj.error)

        # test invalid organization paths
        invalid_org_paths = [
            "dynamodb.amazonaws.com",
            "arn:aws:kms:region:111122223333:key/my-example-key",
            "111122223333",
            "arn:aws:s3:::some-s3-bucket",
            "arn:aws:iam::aws:policy/AlexaForBusinessDeviceSetup",
            "o-a1b2c3d4e5/*/*/*/*",
            "o-a1b2c3d4e5/r-ab12/ou-ab12-11111111/ou-*/ou-*",
            "o-a1b2c3d4e5/o-a1b2c3d4e5/r-ab12/ou-22222222",
            "ou-a1b2c3d4e5/r-ab12/ou-22222222",
            "*/*/*/*",
            "o-a1b2c3d4e5/r-ab12/ou-ab12-11111111/ou-ab12-22222222/ou-ab12-33333333/o-*",
            "o-a1b2c3d4e5/r-ab12/ou-ab12-11111111/ou-ab12-22222222/ou-ab12-33333333/r-*",
        ]

        for org_path in invalid_org_paths:
            logger.info(
                "Testing invalid organization path: {}".format(org_path))
            organization_obj = Organization(org_path)

            self.assertTrue(organization_obj.error)

Example #8

File: test_organization.py Project: georgepsarakis/policyuniverse

    def test_root_toggles_child_validity_in_path(self):
        # https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-principalorgpaths
        # If an orgpath is given with a root of *, any OU regardless of parent
        # can access the resource, so long as it is in the organization.
        # The same can be said of Organizations, from my understanding.
        # However, once an OU is given, OU-based restrictions apply.

        org_path = "o-a1b2c3d4e5"
        logger.info("Testing path without root: {}".format(org_path))
        organization_obj = Organization(org_path)
        self.assertTrue(organization_obj.valid_for_all_ous)

        org_path = "o-a1b2c3d4e5/*"
        logger.info("Testing path with root *: {}".format(org_path))
        organization_obj = Organization(org_path)
        self.assertTrue(organization_obj.valid_for_all_ous)

        org_path = "o-a1b2c3d4e5/*/ou-ab12-22222222"
        logger.info(
            "Testing path with root * and trailing path: {}".format(org_path))
        organization_obj = Organization(org_path)
        self.assertFalse(organization_obj.valid_for_all_ous)