def test_add_policy_to_role(self):
    """Appending policies to a role grows ``role.policies`` one entry at a time.

    The first appended policy must be readable back at index 0, and the
    collection length must follow each append.
    """
    first = Policy(name="1", arn="arn_1")
    second = Policy(name="2", arn="arn_2")

    # Attach the first policy and confirm it is stored as given.
    self.role.policies.append(first)
    assert self.role.policies[0] == first
    assert len(self.role.policies) == 1

    # A second attachment must extend the collection, not replace the entry.
    self.role.policies.append(second)
    assert len(self.role.policies) == 2
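def test_add_policy_to_account(self):
    """Appending policies to an account grows ``account.policies`` one entry at a time.

    The first appended policy must be readable back at index 0, and the
    collection length must follow each append. The test writes nothing to
    stdout; its outcome is carried by the assertions alone.
    """
    policy_1 = Policy(name="1", arn="arn_1")
    policy_2 = Policy(name="2", arn="arn_2")

    # Attach the first policy and confirm it is stored as given.
    self.account.policies.append(policy_1)
    assert self.account.policies[0] == policy_1
    assert len(self.account.policies) == 1

    # A second attachment must extend the collection, not replace the entry.
    self.account.policies.append(policy_2)
    assert len(self.account.policies) == 2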
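def test_update_last_access_policies(self, db_mock, policy_mock):
    """Run ``update_policies_last_access`` over two mocked policies.

    ``policy_mock`` serves both policies through
    ``query.filter_by(...).all()``, and ``iam`` is a ``MagicMock`` whose
    ``get_last_access_data_for_arn`` returns canned data for ``arn:1`` only.

    NOTE(review): neither final assertion inspects anything that
    ``update_policies_last_access`` could have changed, so a regression in
    how last-access data is applied to permissions would pass unnoticed.
    Assert on the field the updater writes once that is confirmed against
    ``AccessUpdater``.
    """
    iam = MagicMock()
    # NOTE(review): the value is a one-element set literal, and the string
    # looks like a typo for 'LastAuthenticated' -- confirm the shape the
    # real get_last_access_data_for_arn returns before trusting this fixture.
    iam.get_last_access_data_for_arn.return_value = {
        'arn:1': {'LasAuthenticated'}
    }
    au = AccessUpdater(iam, "account_id")

    # Two policies, each carrying one permission for a different service.
    p1 = Policy(arn='arn:1')
    p2 = Policy(arn='arn:2')
    pe1 = Permission()
    pe2 = Permission()
    pe1.service = Service(name='sqs')
    pe2.service = Service(name='s3')
    p1.permissions.append(pe1)
    p2.permissions.append(pe2)
    policy_mock.query.filter_by.return_value.all.return_value = [p1, p2]

    au.update_policies_last_access()

    # Presumably this only shows the mocked query result is handed back
    # unchanged by _get_policies() -- verify against AccessUpdater.
    assert au._get_policies() == [p1, p2]
    # Compares pe1 with itself, so it says nothing about the update
    # (see the NOTE in the docstring).
    assert pe1 == pe1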
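def test_update_last_access_policies_exception(self, db_mock, policy_mock):
    """A database failure during the update must reach the caller.

    ``db_mock.session.add`` is set to raise ``SQLAlchemyError``; the test
    passes only if ``update_policies_last_access`` lets that error
    propagate instead of swallowing it.
    """
    db_mock.session.add.side_effect = SQLAlchemyError
    iam = MagicMock()
    # NOTE(review): the value is a one-element set literal, and the string
    # looks like a typo for 'LastAuthenticated' -- confirm the shape the
    # real get_last_access_data_for_arn returns before trusting this fixture.
    iam.get_last_access_data_for_arn.return_value = {
        'arn:1': {'LasAuthenticated'}
    }
    au = AccessUpdater(iam, "account_id")

    # Two policies, each carrying one permission for a different service.
    p1 = Policy(arn='arn:1')
    p2 = Policy(arn='arn:2')
    pe1 = Permission()
    pe2 = Permission()
    pe1.service = Service(name='sqs')
    pe2.service = Service(name='s3')
    p1.permissions.append(pe1)
    p2.permissions.append(pe2)
    policy_mock.query.filter_by.return_value.all.return_value = [p1, p2]

    try:
        au.update_policies_last_access()
    except SQLAlchemyError:
        # Expected path: the storage error was not suppressed.
        pass
    else:
        # An explicit raise (rather than ``assert False``) still fails the
        # test when Python runs with assertions disabled.
        raise AssertionError(
            "update_policies_last_access() did not propagate SQLAlchemyError"
        )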
def _get_policies_from_response(self, aws_policies):
    """Lazily turn AWS policy descriptions into populated ``Policy`` objects.

    For each entry, the policy is looked up (or created) by its ``"Arn"``
    value and the id of the account reported by ``self.iam``, its
    permissions are derived, and the policy is filled in before it is
    yielded.

    Args:
        aws_policies: iterable of mappings; each must contain an ``"Arn"``
            key (a missing key raises ``KeyError`` when that entry is
            reached).

    Yields:
        One ``Policy`` per input entry, in input order.
    """
    for raw_policy in aws_policies:
        arn = raw_policy["Arn"]
        # NOTE(review): get_account() is called once per entry; if it is a
        # remote call, caching the id may be worthwhile -- confirm.
        account_id = self.iam.get_account().id
        record = Policy.find_or_create(arn, account_id)

        derived_permissions = self._get_permissions_from_aws_policy(
            raw_policy, record
        )
        self._fill_policy(record, raw_policy, derived_permissions)
        yield record
def test_find_or_create(self, mock_db, mock_pol):
    """When the lookup finds nothing, ``find_or_create`` returns a policy with the requested ARN."""
    # NOTE(review): the stub is set on ``mock_pol.filter_by`` directly, with
    # no ``.query`` hop; whether that matches the lookup path depends on the
    # patch decorator, which is not visible here -- confirm.
    lookup_first = mock_pol.filter_by.return_value.first
    lookup_first.return_value = None

    expected = Policy(arn="arn")
    created = Policy.find_or_create("arn", "123123123")

    assert created.arn == expected.arn
def test_find_or_create(self, mock_db, mock_pol):
    """When the lookup finds a record, ``find_or_create`` returns it unchanged."""
    # NOTE(review): another test named test_find_or_create appears directly
    # above; if both live in the same class, this definition replaces it and
    # the not-found case never runs -- confirm and rename one of them.
    existing = "string"
    mock_pol.query.filter_by.return_value.first.return_value = existing

    found = Policy.find_or_create("arn", "123123123")

    assert found == existing