def testNaclSinglePortIPv6Outbound(self):
    """Check that an IPv6 outbound NACL shorthand rule becomes a NetworkAclEntry.

    The fragment holds one AWS::EC2::NetworkAcl whose "Outbound" list carries
    the rule "100,6,allow,2406:da1c:a9e:b901::/64,443". The handler result is
    expected to contain the original resource plus "NaclPublicOutbound100",
    an egress entry with Ipv6CidrBlock set and a 443-443 port range.
    """
    entry_name = "NaclPublicOutbound100"
    event = {
        "region": "ap-southeast-2",
        "requestId": "testRequest",
        "fragment": {
            "Resources": {
                "NaclPublic": {
                    "Type": "AWS::EC2::NetworkAcl",
                    "Properties": {
                        "Outbound": ["100,6,allow,2406:da1c:a9e:b901::/64,443"]
                    },
                }
            }
        },
    }

    fragment = macro.handler(event, None)["fragment"]
    resources = fragment["Resources"]

    # Exactly one extra resource should have been generated for the rule.
    self.assertEqual(sorted(["NaclPublic", entry_name]),
                     sorted(resources.keys()))
    self.assertEqual(resources[entry_name]["Type"],
                     "AWS::EC2::NetworkAclEntry")

    props = resources[entry_name]["Properties"]
    expected_props = {
        "Ipv6CidrBlock": "2406:da1c:a9e:b901::/64",
        "Protocol": "6",
        "Egress": True,
        "NetworkAclId": {"Ref": "NaclPublic"},
        "RuleAction": "allow",
        "RuleNumber": "100",
    }
    for key, want in expected_props.items():
        self.assertEqual(props[key], want)
    # NOTE(review): nothing here asserts that "CidrBlock" is absent on the
    # IPv6 entry; consider adding that check if the handler guarantees it.
    self.assertEqual(props["PortRange"]["From"], "443")
    self.assertEqual(props["PortRange"]["To"], "443")

    # NOTE(review): the fixture puts Outbound under "Properties", but these
    # lookups index the resource itself, where the fixture never had those
    # keys. As written they appear to raise KeyError whether or not the
    # handler strips the shorthand -- presumably ["Properties"][key] was
    # intended; confirm against the handler.
    for key in ("Association", "Outbound", "Inbound"):
        with self.assertRaises(KeyError):
            fragment["Resources"]["NaclPublic"][key]
def testNonSSOPassedThrough(self):
    """Check that a fragment with only an S3 bucket keeps that resource.

    The handler result is expected to list "S3Bucket" as its sole resource,
    still typed AWS::S3::Bucket.
    """
    event = {
        "region": "ap-southeast-2",
        "requestId": "testRequest",
        "fragment": {
            "Resources": {
                "S3Bucket": {
                    "Type": "AWS::S3::Bucket"
                }
            }
        },
    }

    fragment = macro.handler(event, None)["fragment"]
    resources = fragment["Resources"]

    # No resources added, none removed.
    self.assertEqual(sorted(["S3Bucket"]), sorted(resources.keys()))
    # NOTE(review): only the Type is compared; the fixture has no Properties,
    # so this does not show that properties of unrelated resources survive.
    self.assertEqual(resources["S3Bucket"]["Type"], "AWS::S3::Bucket")
def testNaclSinglePortOutboundWithRefAndJoin(self):
    """Check an outbound rule whose CIDR field is a quoted Fn::Join intrinsic.

    The rule's fourth field is a single-quoted JSON object. The generated
    "NaclPublicOutbound100" entry is expected to carry that object as a
    dict under CidrBlock, not as a string.
    """
    entry_name = "NaclPublicOutbound100"
    # The commas inside the quoted JSON must not be treated as field
    # separators for the assertions below to hold.
    rule = "100,6,allow,'{ \"Fn::Join\" : [\"\", [{\"Ref\" : \"CIDR\"}, \".0.0/16\"]]}',443"
    event = {
        "region": "ap-southeast-2",
        "requestId": "testRequest",
        "fragment": {
            "Resources": {
                "NaclPublic": {
                    "Type": "AWS::EC2::NetworkAcl",
                    "Properties": {
                        "Outbound": [rule]
                    },
                }
            }
        },
    }

    fragment = macro.handler(event, None)["fragment"]
    resources = fragment["Resources"]

    self.assertEqual(sorted(["NaclPublic", entry_name]),
                     sorted(resources.keys()))
    self.assertEqual(resources[entry_name]["Type"],
                     "AWS::EC2::NetworkAclEntry")

    props = resources[entry_name]["Properties"]
    expected_props = {
        "CidrBlock": {"Fn::Join": ["", [{"Ref": "CIDR"}, ".0.0/16"]]},
        "Protocol": "6",
        "Egress": True,
        "NetworkAclId": {"Ref": "NaclPublic"},
        "RuleAction": "allow",
        "RuleNumber": "100",
    }
    for key, want in expected_props.items():
        self.assertEqual(props[key], want)
    self.assertEqual(props["PortRange"]["From"], "443")
    self.assertEqual(props["PortRange"]["To"], "443")
def testNaclAssociation(self):
    """Check that an "Association" entry yields a SubnetNetworkAclAssociation.

    With "Association": ["SubnetA"] on the NACL, the handler result is
    expected to add "SubnetANaclPublic", referencing both the NACL and the
    subnet by Ref.
    """
    assoc_name = "SubnetANaclPublic"
    event = {
        "region": "ap-southeast-2",
        "requestId": "testRequest",
        "fragment": {
            "Resources": {
                "NaclPublic": {
                    "Type": "AWS::EC2::NetworkAcl",
                    "Properties": {
                        "Association": ["SubnetA"]
                    },
                }
            }
        },
    }

    fragment = macro.handler(event, None)["fragment"]
    resources = fragment["Resources"]

    self.assertEqual(sorted(["NaclPublic", assoc_name]),
                     sorted(resources.keys()))
    self.assertEqual(resources[assoc_name]["Type"],
                     "AWS::EC2::SubnetNetworkAclAssociation")

    props = resources[assoc_name]["Properties"]
    self.assertEqual(props["NetworkAclId"], {"Ref": "NaclPublic"})
    self.assertEqual(props["SubnetId"], {"Ref": "SubnetA"})

    # NOTE(review): the fixture puts Association under "Properties", but
    # these lookups index the resource itself, where the fixture never had
    # those keys. As written they appear to raise KeyError whether or not
    # the handler strips the shorthand -- presumably ["Properties"][key] was
    # intended; confirm against the handler.
    for key in ("Association", "Outbound", "Inbound"):
        with self.assertRaises(KeyError):
            fragment["Resources"]["NaclPublic"][key]
def testSSOPolicyDocumentTranslated(self):
    """Check that a PermissionSet's PolicyDocument dict becomes InlinePolicy.

    The handler result is expected to keep the single "PermSet" resource,
    expose the policy as a JSON string under "InlinePolicy", and no longer
    carry a "PolicyDocument" property.
    """
    # The wildcard Allow statement is fixture data only; the test checks how
    # the document is serialised, not what the policy grants.
    policy_document = {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": "*",
            "Resource": "*"
        }]
    }
    event = {
        "region": "ap-southeast-2",
        "requestId": "testRequest",
        "fragment": {
            "Resources": {
                "PermSet": {
                    "Type": "AWS::SSO::PermissionSet",
                    "Properties": {
                        "PolicyDocument": policy_document
                    },
                }
            }
        },
    }
    # NOTE(review): this is an exact-string comparison, so it depends on the
    # handler's key order and separator whitespace -- presumably the output
    # of json.dumps with default settings; confirm against the handler.
    expected_policy = '{"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}'

    fragment = macro.handler(event, None)["fragment"]
    resources = fragment["Resources"]

    self.assertEqual(sorted(["PermSet"]), sorted(resources.keys()))
    self.assertEqual(resources["PermSet"]["Type"], "AWS::SSO::PermissionSet")

    props = resources["PermSet"]["Properties"]
    self.assertEqual(props["InlinePolicy"], expected_policy)
    # The source property must be gone once it has been translated.
    with self.assertRaises(KeyError):
        props["PolicyDocument"]
def test_no_replacement(self):
    """Check that a fragment with only a Description comes back unchanged.

    Uses self.event, which is prepared outside this method (presumably in
    setUp -- confirm).
    """
    self.event["fragment"] = {"Description": "static template"}

    fragment = macro.handler(self.event, None)["fragment"]

    self.assertEqual(fragment['Description'], "static template")