def test_deny_method(self):
expected_policy = self.generate_policy(
"Deny", [self.resource_base_path + "/GET/test/path"]
)
policy = authpolicy.AuthPolicy(
self.aws_account_id, principal="foo", rest_api_id="myapi", stage="mystage"
)
policy.deny_method("GET", "/test/path")
self.validate_policies(expected_policy, policy.build())
def test_allow_all(self):
expected_policy = self.generate_policy(
"Allow", [self.resource_base_path + "/*/*"]
)
policy = authpolicy.AuthPolicy(
self.aws_account_id, principal="foo", rest_api_id="myapi", stage="mystage"
)
policy.allow_all_methods()
self.validate_policies(expected_policy, policy.build())
def test_allow_method_with_conditions(self):
condition = {"DateLessThan": {"aws:CurrentTime": "foo"}}
expected_policy = self.generate_policy(
"Allow", [self.resource_base_path + "/GET/test/path"], condition=condition,
)
# NOTE(ryandub): I think there is a bug with conditions in the
# upstream source this is based on that appends an extra statement.
# Need to investigate this more and fix if necessary.
expected_policy["policyDocument"]["Statement"].append(
{"Action": "execute-api:Invoke", "Effect": "Allow", "Resource": []}
)
policy = authpolicy.AuthPolicy(
self.aws_account_id, principal="foo", rest_api_id="myapi", stage="mystage"
)
policy.allow_method_with_conditions("GET", "/test/path", condition)
self.validate_policies(expected_policy, policy.build())
