def setUpClass(cls):
    """Create a fresh test directory and cache the default user policies.

    Stores on the class:

    * ``directory`` and ``schema_arn``: the pair returned by
      ``new_test_directory()``.
    * ``default_policy``: the JSON loaded from ``default_user_policy_path``.
    * ``default_user_policies``: the sorted, normalized default user-role
      and default group policies. ``test_get_groups`` adds these to the
      set of policies it expects a user to hold.
    """
    # NOTE(review): unittest calls setUpClass on the class itself, so it
    # needs @classmethod; no decorator is visible in this excerpt -- confirm
    # it is present in the file.
    test_directory, schema = new_test_directory()
    cls.directory = test_directory
    cls.schema_arn = schema
    cls.default_policy = get_json_file(default_user_policy_path)
    baseline_paths = (default_user_role_path, default_group_policy_path)
    cls.default_user_policies = sorted(
        normalize_json(get_json_file(path)) for path in baseline_paths
    )
def test_get_groups(self):
    """Exercise group membership and policy inheritance for a new user.

    Covers, in order: the default group on provisioning, a no-op
    ``add_groups([])``, rejection of an unknown group, rejection of a
    duplicate membership, adding several groups at once, and finally the
    policies reported by ``get_authz_params()``.

    The last check uses set equality, so it fails on an unexpected extra
    policy as well as on a missing one.
    """
    email = "*****@*****.**"
    group_specs = [
        (f"group_{idx}", create_test_IAMPolicy(f"GroupPolicy{idx}"))
        for idx in range(5)
    ]
    created_groups = [
        Group.create(group_name, policy) for group_name, policy in group_specs
    ]
    user = User.provision_user(email)
    batch_write_error = cd_client.exceptions.BatchWriteException

    with self.subTest(
            "A user is in the public group when user is first created."):
        first_group = Group(object_ref=user.groups[0])
        self.assertEqual(first_group.name, 'user_default')

    user.add_groups([])
    with self.subTest(
            "A user is added to no groups when add_groups is called with no groups"
    ):
        self.assertEqual(len(user.groups), 1)

    with self.subTest(
            "An error is returned when add a user to a group that does not exist."
    ):
        with self.assertRaises(batch_write_error) as ex:
            user.add_groups(["ghost_group"])
        # Inspect the exception only after the assertRaises block has
        # exited; statements placed after the raising call inside that
        # block would never execute.
        error_message = ex.exception.response['Error']['Message']
        self.assertIn('ResourceNotFoundException', error_message)
        # The failed call must not have changed the user's membership.
        self.assertEqual(len(user.groups), 1)

    with self.subTest(
            "An error is returned when add a user to a group that they are already apart."
    ):
        with self.assertRaises(batch_write_error) as ex:
            user.add_groups(["user_default"])
        error_message = ex.exception.response['Error']['Message']
        self.assertIn('InvalidAttachmentException', error_message)
        self.assertEqual(len(user.groups), 1)

    user.add_groups([grp.name for grp in created_groups])
    with self.subTest(
            "A user is added to multiple groups when add_groups is called with multiple groups"
    ):
        # Five new groups plus the default group the user started with.
        self.assertEqual(len(user.groups), 6)

    with self.subTest(
            "A user inherits the groups policies when joining a group"):
        policies = {
            normalize_json(entry['policy_document'])
            for entry in user.get_authz_params()['IAMPolicy']
        }
        expected_policies = {
            normalize_json(policy) for _, policy in group_specs
        }
        expected_policies.update(self.default_user_policies)
        self.assertSetEqual(policies, expected_policies)
def test_roles(self):
    """Check that roles attached to a group show up in its policies.

    Creates two roles, attaches both to a new group, then compares the
    policy documents from ``group.get_authz_params()['IAMPolicy']`` with
    the roles' own policies plus ``self.default_group_statement``.

    The comparison is on sorted lists, so both the contents and the number
    of policies must match.
    """
    role_names = ['role1', 'role2']
    created_roles = [
        Role.create(role_name, create_test_IAMPolicy(role_name))
        for role_name in role_names
    ]

    with self.subTest(
            "multiple roles return when multiple roles are attached to group."
    ):
        # `group` is reused by the next subTest; if creation fails here,
        # that subTest fails on the missing name as well.
        group = Group.create("test_roles")
        group.add_roles(role_names)
        self.assertEqual(len(group.roles), 2)

    with self.subTest(
            "policies inherited from roles are returned when lookup policies is called"
    ):
        group_policies = sorted(
            normalize_json(entry['policy_document'])
            for entry in group.get_authz_params()['IAMPolicy']
        )
        role_policies = [
            normalize_json(role.get_policy()) for role in created_roles
        ]
        role_policies.append(self.default_group_statement)
        role_policies.sort()
        self.assertListEqual(group_policies, role_policies)
def setUpClass(cls):
    """Create a fresh test directory and cache the default role statement.

    Stores on the class:

    * ``directory`` and ``schema_arn``: the pair returned by
      ``new_test_directory()``.
    * ``default_role_statement``: the normalized JSON loaded from
      ``default_role_path``.
    """
    # NOTE(review): unittest calls setUpClass on the class itself, so it
    # needs @classmethod; no decorator is visible in this excerpt -- confirm
    # it is present in the file.
    test_directory, schema = new_test_directory()
    cls.directory = test_directory
    cls.schema_arn = schema
    raw_statement = get_json_file(default_role_path)
    cls.default_role_statement = normalize_json(raw_statement)
def assertJSONListEqual(self, expected, actual, *args, **kwargs):
    """Assert that two collections of JSON objects hold the same members.

    Each item is passed through ``normalize_json`` and both sides are
    compared as sets. Ordering and repeated entries are therefore ignored:
    a list containing the same document twice compares equal to a list
    containing it once. Callers that care about duplicates (for example a
    policy attached twice) need a separate length check.

    Extra positional and keyword arguments are forwarded to
    ``assertEqual``.
    """
    # presumably normalize_json returns a hashable value (e.g. a canonical
    # string), since its results are stored in a set -- verify.
    normalized_expected = {normalize_json(item) for item in expected}
    normalized_actual = {normalize_json(item) for item in actual}
    self.assertEqual(normalized_expected, normalized_actual, *args, **kwargs)
def assertJSONEqual(self, expected, actual, *args, **kwargs):
    """Assert that two JSON objects are equal after normalization.

    Both values are passed through ``normalize_json`` before comparison.
    Extra positional and keyword arguments are forwarded to
    ``assertEqual``.
    """
    normalized_expected = normalize_json(expected)
    normalized_actual = normalize_json(actual)
    self.assertEqual(normalized_expected, normalized_actual, *args, **kwargs)
def assertJSONIn(self, member, group, *args, **kwargs):
    """Assert that a JSON object appears in a collection of JSON objects.

    Every item of ``group`` and ``member`` itself are passed through
    ``normalize_json``; membership is then tested against the set of
    normalized items. Extra positional and keyword arguments are forwarded
    to ``assertIn``.
    """
    normalized_group = {normalize_json(item) for item in group}
    normalized_member = normalize_json(member)
    self.assertIn(normalized_member, normalized_group, *args, **kwargs)