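def create_policy_document_from_template(user_name, variables):
    """Build the per-user s3fs IAM policy statements from the JSON template.

    Loads ``s3fs_policy_template.json`` (relative to the current working
    directory) and appends user-specific entries to the ``Resource`` lists
    of its first three statements:

    * statement 0: the user's home prefix inside the s3fs bucket,
    * statement 1: the s3fs KMS key ARN plus, when found, the ARN behind the
      ``alias/<user_name>-home`` KMS alias (``None`` values are skipped),
    * statement 2: the bucket ARN itself.

    Args:
        user_name: Name used for the home prefix and the KMS alias lookup.
        variables: Mapping providing ``s3fs_bucket_arn`` and ``s3fs_kms_arn``.

    Returns:
        The statement list loaded from the template, with resources added.

    Raises:
        ValueError: If ``user_name`` contains ``*`` or ``?``.
    """
    # `*` and `?` are wildcards in IAM resource ARNs. user_name is pasted
    # straight into a Resource entry below, so a name containing them would
    # widen the grant beyond a single home prefix. Reject before any I/O.
    # NOTE(review): '/' and IAM policy variables ('${...}') are not rejected
    # here; confirm the caller constrains user_name to the account-name format.
    if any(wildcard in str(user_name) for wildcard in '*?'):
        raise ValueError(
            f'user_name must not contain IAM wildcard characters: {user_name!r}')

    with open('s3fs_policy_template.json', 'r') as statement_raw:
        statement = json.load(statement_raw)

    home_key_arn = aws_caller.get_kms_arn(f'alias/{user_name}-home')
    if home_key_arn is None:
        # A missing home key only produces a warning; the policy is still
        # built, just without a grant on that key.
        logger.warning(
            f'No KMS found in account for alias: \"alias/{user_name}-home\"')

    # The template is addressed by position, so the order of its statements
    # is part of the contract with this function.
    s3fsaccessdocument = statement[0].get('Resource')
    s3fskmsaccessdocument = statement[1].get('Resource')
    s3fslist = statement[2].get('Resource')

    s3fsaccessdocument.append(
        f'{variables["s3fs_bucket_arn"]}/home/{user_name}/*')
    s3fskmsaccessdocument.extend([
        item for item in [variables["s3fs_kms_arn"], home_key_arn]
        if item is not None
    ])
    s3fslist.append(variables["s3fs_bucket_arn"])
    return statement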
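def test_get_kms_arn_not_found_kms(self, mock_describe_key):
    """get_kms_arn returns None when the mocked call raises NotFoundException."""
    # mock_describe_key is presumably the patched KMS describe_key call; the
    # patch decorator is not visible from here.
    mock_describe_key.side_effect = botocore.exceptions.ClientError(
        {'Error': {'Code': 'NotFoundException'}}, 'KMS')
    # Identity check: `== None` can be satisfied by any object whose __eq__
    # says so, which would let a wrong return value slip through.
    assert aws_caller.get_kms_arn("/alias/test") is None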
def test_get_kms_arn_found_kms(self, mock_describe_key):
    """get_kms_arn returns the key ARN when the mocked lookup succeeds."""
    expected_arn = 'arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab'
    # The canned response stands in for a successful KMS lookup.
    mock_describe_key.return_value = kms_found_response
    resolved_arn = aws_caller.get_kms_arn("/alias/test")
    # NOTE(review): the mock accepts any argument, so this does not check
    # which key id get_kms_arn actually sends to KMS.
    assert resolved_arn == expected_arn