def test_iam_user(test_infra):
infra = test_infra['infra']
test_infra = test_infra['test_infra']
iam_stack = test_infra.add_stack(iam.IAMStack('test'))
user = iam_stack.add_user(iam.IAMUser('test'))
user.set_login_name("test")
# test key methods
user.disable_key()
assert user._generate_key is False
user.enable_key()
assert user._generate_key is True
# Test console login methods
user.allow_console_login()
assert user._allow_console is True
user.disable_console_login()
assert user._allow_console is False
user.allow_console_login()
assert user.output_user() == 'TestTestTestIAMtestIAMUser'
assert user.output_access_key() == 'TestTestTestIAMtestIAMAccessKey'
assert user.output_secret_key() == 'TestTestTestIAMtestIAMSecretKey'
t = iam_stack.build_template()
user_dict = t.resources['test'].to_dict()
assert user_dict['Type'] == 'AWS::IAM::User'
def infra():
infra = Infra("test")
prod_infra = infra.create_sub_infra("prod")
iam_stack = prod_infra.add_stack(iam.IAMStack("roles"))
web_profile = iam_stack.add_role(iam.EC2AdminProfile("test"))
vpc_stack = prod_infra.add_stack(vpc.VPCStack())
eip_stack = prod_infra.add_stack(eip.EIPStack("test"))
ebs_stack = prod_infra.add_stack(ebs.EBSStack("test", vpc_stack))
sns_stack = prod_infra.add_stack(sns.SNSTopicStack('test'))
return {
'infra': infra,
'prod_infra': prod_infra,
'iam_stack': iam_stack,
'web_profile': web_profile,
'vpc_stack': vpc_stack,
'eip_stack': eip_stack,
'ebs_stack': ebs_stack,
'sns_stack': sns_stack
}
def common_stacks(infra):
# add VPC Stack
vpc_stack = infra.add_stack(vpc.VPCStack())
# security groups
sf_sg = vpc_stack.add_security_group(vpc.SelfReferenceSecurityGroup())
ssh_sg = vpc_stack.add_security_group(vpc.SSHSecurityGroup("SSHAll"))
web_sg = vpc_stack.add_security_group(vpc.WebSecurityGroup("WebAll"))
# s3 stack
s3_stack = infra.add_stack(s3.S3Stack("MediaBuckets"))
pub_media_bucket = s3_stack.add_bucket(s3.S3Bucket("Media"))
pub_media_bucket.public = True
# iam stack
iam_stack = infra.add_stack(iam.IAMStack("BaseRoles"))
# ec2 profile
ec2_profile = iam_stack.add_role(iam.EC2Profile("WebServer"))
# give role write access to the s3 bucket
ec2_profile.add_policy(iam.S3FullBucketAccess(pub_media_bucket))
# create a user for codedeploy
codedeploy_user = iam_stack.add_user(iam.IAMUser('CodeDeoloyUser'))
# alarms
alarm_stack = infra.add_stack(alarms.AlarmStack("Alarms"))
alarm_stack.add_topic(sns_stack)
def test_iam_base(test_infra):
infra = test_infra['infra']
test_infra = test_infra['test_infra']
iam_stack = test_infra.add_stack(iam.IAMStack('test'))
base = iam.IAMBase('test')
with pytest.raises(Exception) as e:
base._build_template(iam_stack._init_template())
assert "_build_template" in str(e)
def test_infra():
infra = Infra('test')
test_infra = infra.create_sub_infra('test')
vpc_stack = test_infra.add_stack(vpc.VPCStack())
iam_stack = test_infra.add_stack(iam.IAMStack())
return {
'infra': infra,
'test_infra': test_infra,
'vpc_stack': vpc_stack,
'iam_stack': iam_stack,
}
def test_s3_fullaccess(test_infra):
infra = test_infra['infra']
test_infra = test_infra['test_infra']
iam_stack = test_infra.add_stack(iam.IAMStack('test'))
s3_stack = test_infra.add_stack(s3.S3Stack('test'))
bucket = s3_stack.add_bucket(s3.S3Bucket('test'))
user = iam_stack.add_user(iam.IAMUser('test'))
user.add_policy(iam.S3FullBucketAccess(bucket))
with pytest.raises(TypeError) as e:
iam.S3FullBucketAccess({})
assert "Object" in str(e)
def infra():
infra = Infra("test")
prod_infra = infra.create_sub_infra("prod")
iam_stack = prod_infra.add_stack(iam.IAMStack("roles"))
web_profile = iam_stack.add_role(iam.EC2AdminProfile("test"))
vpc_stack = prod_infra.add_stack(vpc.VPCStack())
eip_stack = prod_infra.add_stack(eip.EIPStack("test"))
ebs_stack = prod_infra.add_stack(ebs.EBSStack("test", vpc_stack))
return (infra, prod_infra, iam_stack, web_profile, vpc_stack, eip_stack,
ebs_stack)