def policy_documents(self) -> List[OptionallyNamedPolicyDocument]:
    """Return one named policy document per entry in ``Properties.Policies``.

    Returns an empty list when ``Properties`` or ``Properties.Policies`` is
    missing or falsy. Each entry keeps its own ``PolicyName``.
    """
    props = self.Properties
    # Either attribute being falsy means there is nothing to collect.
    if not props or not props.Policies:
        return []
    return [
        OptionallyNamedPolicyDocument(name=entry.PolicyName, policy_document=entry.PolicyDocument)
        for entry in props.Policies
    ]
def obtain_policy_documents(self, policy_documents: List, properties: List[Any]):
    """
    Recursively collect every policy document reachable from ``properties``.

    Results are appended to ``policy_documents`` in place; nothing is returned.
    Each element of ``properties`` is handled by the first matching rule:

    * ``PolicyDocument``: wrapped as an unnamed ``OptionallyNamedPolicyDocument``.
    * ``Policy``: wrapped using its ``PolicyName`` and ``PolicyDocument``.
    * ``OptionallyNamedPolicyDocument``: appended unchanged.
    * ``list``: searched recursively.
    * ``Generic``: the values of its ``__dict__`` are searched recursively.

    Elements matching none of these rules are skipped silently. That includes
    plain ``dict`` and ``tuple`` containers, so a policy document held only
    inside one of those is not collected. Callers that use the result for
    policy analysis should keep that coverage limit in mind.
    The recursion keeps no record of visited objects, so it assumes the
    object graph under ``properties`` has no cycles.
    """
    for item in properties:
        # The order of the type checks is significant and mirrors the rule list above.
        if isinstance(item, PolicyDocument):
            policy_documents.append(OptionallyNamedPolicyDocument(policy_document=item, name=None))
            continue
        if isinstance(item, Policy):
            policy_documents.append(
                OptionallyNamedPolicyDocument(name=item.PolicyName, policy_document=item.PolicyDocument)
            )
            continue
        if isinstance(item, OptionallyNamedPolicyDocument):
            policy_documents.append(item)
            continue
        if isinstance(item, list):
            self.obtain_policy_documents(policy_documents=policy_documents, properties=item)
            continue
        if isinstance(item, Generic):
            # Descend into every attribute value of the generic object.
            nested_values = list(item.__dict__.values())
            self.obtain_policy_documents(policy_documents=policy_documents, properties=nested_values)
def test_can_obtain_policy_documents_from_inherited_method(valid_opensearch_domain_with_access_policies):
    """The fixture's ``policy_documents`` yields exactly one unnamed document with the expected statement."""
    domain = valid_opensearch_domain_with_access_policies
    assert len(domain.policy_documents) == 1

    expected_statement = Statement(
        Effect="Allow",
        Action="es:*",
        Resource="arn:aws:es:us-east-1:123456789012:domain/test/*",
        Principal=Principal(AWS="arn:aws:iam::123456789012:user/opensearch-user"),
    )
    expected_documents = [
        OptionallyNamedPolicyDocument(
            policy_document=PolicyDocument(Statement=[expected_statement]),
            name=None,
        ),
    ]
    assert domain.policy_documents == expected_documents
"Statement": [{ "Effect": "Allow", "Action": ["service:GetService"], "Resource": "*", }], }, }, } }, }, [ OptionallyNamedPolicyDocument( policy_document=PolicyDocument(Statement=[ Statement( Effect="Allow", Action=["service:GetService"], Resource="*", ) ]), name=None, ) ], 1, ), ( { "AWSTemplateFormatVersion": "2010-09-09", "Description": "Test resolving a nonexistent resource to Resource class", "Resources": { "NonexistentResource": { "Type": "AWS::Non::Existent",
def test_sns_policy_documents(sns_topic_policy):
    """``policy_documents`` returns the fixture's ``PolicyDocument`` as a single unnamed entry."""
    source_document = sns_topic_policy.Properties.PolicyDocument
    expected = [OptionallyNamedPolicyDocument(name=None, policy_document=source_document)]
    assert sns_topic_policy.policy_documents == expected
def test_sqs_policy_documents(sqs_queue_policy):
    """``policy_documents`` returns the fixture's ``PolicyDocument`` as a single unnamed entry."""
    source_document = sqs_queue_policy.Properties.PolicyDocument
    expected = [OptionallyNamedPolicyDocument(name=None, policy_document=source_document)]
    assert sqs_queue_policy.policy_documents == expected
def test_iam_managedpolicy_policy_documents(iam_managed_policy):
    """The managed policy's document is reported once, under the fixed name ``"ManagedPolicy"``."""
    source_document = iam_managed_policy.Properties.PolicyDocument
    expected = [OptionallyNamedPolicyDocument(name="ManagedPolicy", policy_document=source_document)]
    assert iam_managed_policy.policy_documents == expected
def test_ec2_vpc_endpoint_policy_documents(ec2_vpc_endpoint_policy):
    """``policy_documents`` returns the fixture's ``PolicyDocument`` as a single unnamed entry."""
    source_document = ec2_vpc_endpoint_policy.Properties.PolicyDocument
    expected = [OptionallyNamedPolicyDocument(name=None, policy_document=source_document)]
    assert ec2_vpc_endpoint_policy.policy_documents == expected
def test_s3_bucketpolicy_policy_document_property(s3_bucket_policy):
    """``policy_documents`` returns the fixture's ``PolicyDocument`` as a single unnamed entry."""
    source_document = s3_bucket_policy.Properties.PolicyDocument
    expected = [OptionallyNamedPolicyDocument(name=None, policy_document=source_document)]
    assert s3_bucket_policy.policy_documents == expected
def policy_documents(self) -> List[OptionallyNamedPolicyDocument]:
    """Return ``Properties.PolicyDocument`` as a one-element list of unnamed policy documents."""
    # NOTE(review): unlike a guarded lookup, this dereferences Properties directly;
    # presumably Properties is mandatory on this resource. Confirm against the model.
    document = self.Properties.PolicyDocument
    return [OptionallyNamedPolicyDocument(name=None, policy_document=document)]
def test_iamgroup_policy_documents(iam_group):
    """The group's first inline policy is reported once, under the name ``"BadPolicy"``."""
    first_inline_policy = iam_group.Properties.Policies[0]
    expected = [
        OptionallyNamedPolicyDocument(name="BadPolicy", policy_document=first_inline_policy.PolicyDocument),
    ]
    assert iam_group.policy_documents == expected
def test_iam_role_policy_documents(iam_user):
    """The fixture's first inline policy is reported once, under the name ``"BadPolicy"``."""
    # NOTE(review): the test name says "role" but the fixture exercised is iam_user.
    # Confirm which resource this test is meant to cover.
    first_inline_policy = iam_user.Properties.Policies[0]
    expected = [
        OptionallyNamedPolicyDocument(name="BadPolicy", policy_document=first_inline_policy.PolicyDocument),
    ]
    assert iam_user.policy_documents == expected
def test_iamrole_policy_documents(iam_role):
    """The role's first inline policy is reported once, under the name ``"root"``."""
    first_inline_policy = iam_role.Properties.Policies[0]
    expected = [
        OptionallyNamedPolicyDocument(name="root", policy_document=first_inline_policy.PolicyDocument),
    ]
    assert iam_role.policy_documents == expected