 def test_sid_group(self):
     """Check one S3 bucket ARN at the "Permissions management" access level.

     Adding a single bucket ARN must produce exactly one SID group and one
     rendered Allow statement. The expected Resource is the ARN that was
     passed in, never a wildcard, and only the four listed bucket-level
     actions are expected.
     """
     bucket_arn = "arn:aws:s3:::example-org-s3-access-logs"
     level = "Permissions management"
     sid_name = "S3PermissionsmanagementBucket"
     # These actions change the bucket policy, ACL and public access block,
     # so the expectation pins the exact set the SID group may grant.
     bucket_actions = [
         "s3:DeleteBucketPolicy",
         "s3:PutBucketAcl",
         "s3:PutBucketPolicy",
         "s3:PutBucketPublicAccessBlock",
     ]
     desired_output = {
         sid_name: {
             "arn": [bucket_arn],
             "service": "s3",
             "access_level": level,
             "arn_format": "arn:${Partition}:s3:::${BucketName}",
             "actions": list(bucket_actions),
             "conditions": [],
         }
     }
     desired_policy = {
         "Version": "2012-10-17",
         "Statement": [{
             "Sid": sid_name,
             "Effect": "Allow",
             "Action": list(bucket_actions),
             "Resource": [bucket_arn],
         }],
     }

     # Show the full dict diff when an assertion fails.
     self.maxDiff = None

     group = SidGroup()
     group.add_by_arn_and_access_level(db_session, [bucket_arn], level)

     # Intermediate representation first, then the rendered IAM policy.
     self.assertEqual(group.get_sid_group(), desired_output)
     self.assertDictEqual(desired_policy,
                          group.get_rendered_policy(db_session))
 def test_sid_group_multiple(self):
     """Check an S3 bucket ARN and a KMS key ARN at "Permissions management".

     Two ARNs from different services must land in two separate SID groups
     and two separate Allow statements. Each statement's Resource holds only
     the ARN of its own service, so the KMS actions are never paired with the
     bucket or the S3 actions with the key.
     """
     # NOTE(review): the sibling test_sid_group passes db_session as the first
     # argument to add_by_arn_and_access_level and to get_rendered_policy;
     # confirm which signature the SidGroup under test expects.
     bucket_arn = "arn:aws:s3:::example-org-s3-access-logs"
     key_arn = "arn:aws:kms:us-east-1:123456789012:key/123456"
     level = "Permissions management"
     s3_sid = "S3PermissionsmanagementBucket"
     kms_sid = "KmsPermissionsmanagementKey"
     s3_actions = [
         "s3:DeleteBucketPolicy",
         "s3:PutBucketAcl",
         "s3:PutBucketPolicy",
         "s3:PutBucketPublicAccessBlock",
     ]
     kms_actions = [
         "kms:CreateGrant",
         "kms:PutKeyPolicy",
         "kms:RetireGrant",
         "kms:RevokeGrant",
     ]

     group = SidGroup()
     group.add_by_arn_and_access_level([bucket_arn, key_arn], level)
     output = group.get_sid_group()
     # Debug dump of the intermediate SID groups, kept from the original test.
     print(json.dumps(output, indent=4))

     desired_output = {
         s3_sid: {
             "arn": [bucket_arn],
             "service": "s3",
             "access_level": level,
             "arn_format": "arn:${Partition}:s3:::${BucketName}",
             "actions": list(s3_actions),
             "conditions": [],
         },
         kms_sid: {
             "arn": [key_arn],
             "service": "kms",
             "access_level": level,
             "arn_format":
             "arn:${Partition}:kms:${Region}:${Account}:key/${KeyId}",
             "actions": list(kms_actions),
             "conditions": [],
         },
     }
     # Show the full dict diff when an assertion fails.
     self.maxDiff = None
     self.assertDictEqual(desired_output, output)

     # Statement order matters: the expected list has the S3 statement first.
     desired_policy = {
         "Version": "2012-10-17",
         "Statement": [
             {
                 "Sid": s3_sid,
                 "Effect": "Allow",
                 "Action": list(s3_actions),
                 "Resource": [bucket_arn],
             },
             {
                 "Sid": kms_sid,
                 "Effect": "Allow",
                 "Action": list(kms_actions),
                 "Resource": [key_arn],
             },
         ],
     }
     self.assertDictEqual(desired_policy, group.get_rendered_policy())