def test_retrieval_of_dns_record(certificate): request = Request("Create", certificate["CertificateArn"]) response = handler(request, {}) assert response["Status"] == "SUCCESS", response["Reason"] assert "Name" in response["Data"] assert "Type" in response["Data"] assert "Value" in response["Data"] assert response["Data"]["Type"] == "CNAME" assert "PhysicalResourceId" in response record_name = response["Data"]["Name"] physical_resource_id = response["PhysicalResourceId"] assert physical_resource_id == record_name request = Request( "Create", certificate["CertificateArn"], certificate["SubjectAlternativeNames"][1], ) response = handler(request, {}) assert response["Status"] == "SUCCESS", response["Reason"] assert "Name" in response["Data"] assert "Type" in response["Data"] assert "Value" in response["Data"] assert response["Data"]["Type"] == "CNAME" assert "PhysicalResourceId" in response assert record_name != response["Data"]["Name"] assert physical_resource_id != response["PhysicalResourceId"]
def test_update(): # create value = 'v%s' % uuid.uuid4() request = Request('Create', value, resource_type='Custom::WorkspacesDirectoryRegistration') response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] assert 'PhysicalResourceId' in response assert 'Value' in response['Data'] assert response['Data']['Value'] == value # update to a new value new_value = 'new-%s' % value physical_resource_id = response['PhysicalResourceId'] request = Request('Update', new_value, physical_resource_id, resource_type='Custom::WorkspacesDirectoryRegistration') response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] assert 'PhysicalResourceId' in response assert 'Value' in response['Data'] assert response['Data']['Value'] == new_value # delete the last created physical_resource_id = response['PhysicalResourceId'] request = Request('Delete', new_value, physical_resource_id) assert response['Status'] == 'SUCCESS', response['Reason']
def test_refresh_on_update(): # create ca_name = "ca-%s" % uuid.uuid4() request = RootCertificateRequest("Create", ca_name) response = handler(request, {}) assert response["Status"] == "SUCCESS", response["Reason"] hash = response["Data"]["Hash"] physical_resource_id = response.get("PhysicalResourceId") request = RootCertificateRequest("Update", ca_name, physical_resource_id=physical_resource_id) response = handler(request, {}) assert response["Status"] == "SUCCESS", response["Reason"] assert response.get("PhysicalResourceId") == physical_resource_id assert "PublicCertPEM" in response["Data"] assert response["Data"]["Hash"] == hash request["ResourceProperties"]["RefreshOnUpdate"] = True response = handler(request, {}) assert response["Status"] == "SUCCESS", response["Reason"] assert response.get("PhysicalResourceId") == physical_resource_id assert "PublicCertPEM" in response["Data"] assert response["Data"]["Hash"] != hash request = RootCertificateRequest("Delete", ca_name, physical_resource_id=physical_resource_id) response = handler(request, {}) assert response["Status"] == "SUCCESS", response["Reason"]
def test_create_group(): # create name = 'n%s' % uuid.uuid4() group = {'name': name, 'description': 'group of {}'.format(name)} request = Request('Create', group) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] assert 'PhysicalResourceId' in response # duplicate create should fail... err_response = handler(request, {}) assert err_response['Status'] == 'FAILED' # update group['description'] = 'groep van {}'.format(name) request = Request('Update', group, response['PhysicalResourceId']) response = handler(request, {}) print(json.dumps(response, indent=2)) assert response['Status'] == 'SUCCESS', response['Reason'] assert 'PhysicalResourceId' in response # delete physical_resource_id = response['PhysicalResourceId'] request = Request('Delete', {}, physical_resource_id) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] # duplicate delete is ok... err_response = handler(request, {}) assert err_response['Status'] == 'SUCCESS'
def test_create(): # create client = json.loads(json.dumps(sample_client)) client['name'] = 'n%s' % uuid.uuid4() request = Request('Create', client) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] assert 'PhysicalResourceId' in response assert 'ClientId' in response['Data'] assert response['PhysicalResourceId'] == response['Data']['ClientId'] # update request = Request('Update', client, response['PhysicalResourceId']) response = handler(request, {}) print json.dumps(response, indent=2) assert response['Status'] == 'SUCCESS', response['Reason'] assert 'PhysicalResourceId' in response assert 'ClientId' in response['Data'] assert response['PhysicalResourceId'] == response['Data']['ClientId'] # delete physical_resource_id = response['PhysicalResourceId'] request = Request('Delete', {}, physical_resource_id) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason']
def test_create(): # create client = json.loads(json.dumps(sample_client)) client['name'] = 'n%s' % uuid.uuid4() request = Request('Create', client) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] assert 'PhysicalResourceId' in response assert 'ClientId' in response['Data'] assert response['PhysicalResourceId'] == response['Data']['ClientId'] # update request = Request('Update', client, response['PhysicalResourceId']) response = handler(request, {}) print(json.dumps(response, indent=2)) assert response['Status'] == 'SUCCESS', response['Reason'] assert 'PhysicalResourceId' in response assert 'ClientId' in response['Data'] assert response['PhysicalResourceId'] == response['Data']['ClientId'] # delete physical_resource_id = response['PhysicalResourceId'] request = Request('Delete', {}, physical_resource_id) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] # delete incorrect physical resource id request = Request('Delete', {}, 'devapi-consumeradmin-ManageOwnConsumersPermission-Y38O818GY2PV') response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason']
def test_create_incorrect_validation_method(): cert = email_certificate() request = Request("Create", cert["CertificateArn"]) response = handler(request, {}) assert response["Status"] == "FAILED", response["Reason"] assert response["Reason"].startswith("domain is using validation method")
def test_retrieval_of_non_existing_domain_name(certificate): request = Request('Update', certificate['CertificateArn']) request['ResourceProperties']['DomainName'] = 'nonexisting.domain.name' response = handler(request, {}) assert response['Status'] == 'FAILED', response['Reason'] assert response['Reason'].startswith( 'No validation option found for domain')
def test_retrieval_of_non_existing_domain_name(certificate): request = Request("Update", certificate["CertificateArn"]) request["ResourceProperties"]["DomainName"] = "nonexisting.domain.name" response = handler(request, {}) assert response["Status"] == "FAILED", response["Reason"] assert response["Reason"].startswith( "No validation option found for domain")
def test_retrieval_non_existing_certificate(): request = Request( "Create", "arn:aws:acm:eu-central-1:111111111111:certificate/ffffffff-ffff-ffff-ffff-ffffffffffff", ) response = handler(request, {}) assert response["Status"] == "FAILED", response["Reason"] assert "ResourceNotFoundException" in response["Reason"]
def test_retrieval_non_existing_certificate(): request = Request( 'Create', 'arn:aws:acm:eu-central-1:111111111111:certificate/ffffffff-ffff-ffff-ffff-ffffffffffff' ) response = handler(request, {}) assert response['Status'] == 'FAILED', response['Reason'] assert 'ResourceNotFoundException' in response['Reason']
def test_rename(): # create ca_name = "ca-%s" % uuid.uuid4() new_ca_name = "new-ca-%s" % uuid.uuid4() request = RootCertificateRequest("Create", ca_name) response = handler(request, {}) assert response["Status"] == "SUCCESS", response["Reason"] assert "PhysicalResourceId" in response assert "PublicCertPEM" in response["Data"] assert "Hash" in response["Data"] hash = response["Data"]["Hash"] physical_resource_id = response.get("PhysicalResourceId") r = ssm.get_parameter(Name=physical_resource_id, WithDecryption=True) request = RootCertificateRequest("Update", new_ca_name, physical_resource_id=physical_resource_id) request["OldResourceProperties"] = {"CAName": ca_name} response = handler(request, {}) assert response["Status"] == "SUCCESS", response["Reason"] assert response.get("PhysicalResourceId") != physical_resource_id assert "PublicCertPEM" in response["Data"] assert response["Data"]["Hash"] != hash assert response["Data"]["CAName"] == new_ca_name new_physical_resource_id = response["PhysicalResourceId"] r = ssm.get_parameter(Name=new_physical_resource_id, WithDecryption=True) failed_update_response = handler(request, {}) assert failed_update_response["Status"] == "FAILED", response["Reason"] assert "already exists" in failed_update_response["Reason"] for resource_id, name in [ (physical_resource_id, ca_name), (new_physical_resource_id, new_ca_name), ]: request = RootCertificateRequest("Delete", name, physical_resource_id=resource_id) response = handler(request, {}) assert response["Status"] == "SUCCESS", response["Reason"] try: r = ssm.get_parameter(Name=resource_id) assert False, f"root ca parameter store {physical_resource_id} still exists" except ssm.exceptions.ParameterNotFound: pass
def test_retrieval_of_dns_record_via_update(certificate): request = Request("Update", certificate["CertificateArn"]) response = handler(request, {}) assert response["Status"] == "SUCCESS", response["Reason"] assert "Name" in response["Data"] assert "Type" in response["Data"] assert "Value" in response["Data"] assert response["Data"]["Type"] == "CNAME" assert "PhysicalResourceId" in response assert response["PhysicalResourceId"] == response["Data"]["Name"]
def test_retrieval_of_dns_record_via_update(certificate): request = Request('Update', certificate['CertificateArn']) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] assert 'Name' in response['Data'] assert 'Type' in response['Data'] assert 'Value' in response['Data'] assert response['Data']['Type'] == 'CNAME' assert 'PhysicalResourceId' in response assert response['PhysicalResourceId'] == response['Data']['Name']
def test_create(): name = 'test-%s' % uuid.uuid4() fs = None try: fs_response = efs.create_file_system(CreationToken=name) fs = fs_response['FileSystemId'] mode, mibs = get_throughput_mode(fs) assert mode == 'bursting' request = Request('Create', fs, 'provisioned', 1.0) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] assert 'PhysicalResourceId' in response mode, mibs = get_throughput_mode(fs) assert mode == 'provisioned' assert mibs == 1.0 physical_resource_id = response['PhysicalResourceId'] request = Request('Update', fs, 'provisioned', 2.0, physical_resource_id) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] assert 'PhysicalResourceId' in response assert response['PhysicalResourceId'] == physical_resource_id mode, mibs = get_throughput_mode(fs) assert mode == 'provisioned' assert mibs == 2.0 # delete request['RequestType'] = 'Delete' response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] mode, mibs = get_throughput_mode(fs) assert mode == 'provisioned' except: if fs is not None: efs.delete_file_system(FileSystemId=fs) raise
def test_crud(): # create ca_name = "ca-%s" % uuid.uuid4() try: request = RootCertificateRequest("Create", ca_name) response = handler(request, {}) assert response["Status"] == "SUCCESS", response["Reason"] assert "PhysicalResourceId" in response assert "PublicCertPEM" in response["Data"] assert "Hash" in response["Data"] assert response["Data"]["CAName"] == ca_name hash = response["Data"]["Hash"] physical_resource_id = response.get("PhysicalResourceId") r = ssm.get_parameter(Name=response["PhysicalResourceId"], WithDecryption=True) request = RootCertificateRequest( "Update", ca_name, physical_resource_id=physical_resource_id) response = handler(request, {}) assert response["Status"] == "SUCCESS", response["Reason"] assert "PhysicalResourceId" in response assert "PublicCertPEM" in response["Data"] assert response["Data"]["Hash"] == hash r = ssm.get_parameter(Name=response["PhysicalResourceId"], WithDecryption=True) request = RootCertificateRequest( "Delete", ca_name, physical_resource_id=physical_resource_id) response = handler(request, {}) assert response["Status"] == "SUCCESS", response["Reason"] try: r = ssm.get_parameter(Name=response["PhysicalResourceId"], WithDecryption=True) assert False, f"root ca parameter store {physical_resource_id} still exists" except ssm.exceptions.ParameterNotFound: pass finally: pass handler(RootCertificateRequest("Delete", ca_name), {})
def test_find_all_root_cas(): base_name = "ca-%s" % uuid.uuid4() ca_names = set([f"{base_name}-{x}" for x in range(0, 4)]) try: for ca_name in ca_names: request = RootCertificateRequest("Create", ca_name) response = handler(request, {}) assert response["Status"] == "SUCCESS", response["Reason"] root_cas = find_all_root_cas() assert ca_names == root_cas.intersection(ca_names) finally: for ca_name in ca_names: request = RootCertificateRequest( "Delete", ca_name, physical_resource_id= "arn:aws:ssm:eu-central-1:123456789012:parameter/x", ) response = handler(request, {}) print(response["Reason"])
def test_create(): # create value = 'v%s' % uuid.uuid4() request = Request('Create', value) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] assert 'PhysicalResourceId' in response assert 'Value' in response['Data'] assert response['Data']['Value'] == value # delete physical_resource_id = response['PhysicalResourceId'] request = Request('Delete', value, physical_resource_id) assert response['Status'] == 'SUCCESS', response['Reason']
def test_retrieval_of_dns_record(certificate): request = Request('Create', certificate['CertificateArn']) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] assert 'Name' in response['Data'] assert 'Type' in response['Data'] assert 'Value' in response['Data'] assert response['Data']['Type'] == 'CNAME' assert 'PhysicalResourceId' in response record_name = response['Data']['Name'] physical_resource_id = response['PhysicalResourceId'] assert physical_resource_id == record_name request = Request('Create', certificate['CertificateArn'], certificate['SubjectAlternativeNames'][1]) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] assert 'Name' in response['Data'] assert 'Type' in response['Data'] assert 'Value' in response['Data'] assert response['Data']['Type'] == 'CNAME' assert 'PhysicalResourceId' in response assert record_name != response['Data']['Name'] assert physical_resource_id != response['PhysicalResourceId']
def test_search_criteria(): search = { "maxItems": 2, "searchCriteria": [{ "fieldName": "name", "stringValue": "SMTP Server" }], } request = Request("Create", "firewallRule", search) response = handler(request, {}) assert response["Status"] == "SUCCESS", response["Reason"] assert "PhysicalResourceId" in response assert response["PhysicalResourceId"] is not None rule_id = response["PhysicalResourceId"] request = Request("Update", "firewallRule", search, physical_resource_id=rule_id) response = handler(request, {}) assert response["Status"] == "SUCCESS", response["Reason"] assert "PhysicalResourceId" in response assert response["PhysicalResourceId"] is not None assert response["PhysicalResourceId"] == rule_id
def test_search_combined(): search = { "maxItems": 2, "searchCriteria": [{ "fieldName": "name", "stringValue": "SMTP%", "stringWildcards": True }], } request = Request("Create", "firewallRule", search=search, name="SMTP Server") response = handler(request, {}) assert response["Status"] == "SUCCESS", response["Reason"] assert "PhysicalResourceId" in response assert response["PhysicalResourceId"] is not None
def test_create(): # create value = json.loads(json.dumps(sample_provider)) request = Request('Create', value) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] assert 'PhysicalResourceId' in response request = Request('Create', value) response = handler(request, {}) assert response['Status'] == 'FAILED', response['Reason'] assert 'PhysicalResourceId' in response assert len(response['Reason']) > 0 assert response['PhysicalResourceId'] == 'could-not-create' # update value['credentials']['smtp_host'] = 'another-localhost' request = Request('Update', value, response['PhysicalResourceId']) response = handler(request, {}) print(json.dumps(response, indent=2)) assert response['Status'] == 'SUCCESS', response['Reason'] assert 'PhysicalResourceId' in response # delete physical_resource_id = response['PhysicalResourceId'] request = Request('Delete', {}, physical_resource_id) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] # delete again request = Request('Delete', {}, physical_resource_id) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] # delete incorrect physical resource id request = Request('Delete', {}, 'devapi-consumeradmin-ManageOwnConsumersPermission-Y38O818GY2PV') response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason']
def test_output_parameters(): name = 'n%s' % uuid.uuid4() outputs = [{ 'Path': 'client_id', 'Name': '/cfn-auth0-provider/clients/%s/client_id' % name, 'Description': 'my client id' }, { 'Path': 'client_secret', 'Name': '/cfn-auth0-provider/clients/%s/client_secret' % name }] # create client = json.loads(json.dumps(sample_client)) client['name'] = name request = Request('Create', client) request['ResourceProperties']['OutputParameters'] = outputs response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] client_id = response['PhysicalResourceId'] ssm = boto3.client('ssm') parameter = ssm.get_parameter(Name=outputs[0]['Name'], WithDecryption=True) assert parameter['Parameter']['Value'] == client_id filter = {'Key': 'Name', 'Values': [outputs[0]['Name']]} parameters = ssm.describe_parameters(Filters=[filter]) assert parameters['Parameters'][0]['Description'] == outputs[0][ 'Description'] # check the client secret is stored.. parameter = ssm.get_parameter(Name=outputs[1]['Name'], WithDecryption=True) # create second time error_response = handler(request, {}) assert error_response['Status'] == 'FAILED', response['Reason'] assert error_response['Reason'].startswith('one or more of the parameters') # update new_outputs = [{ 'Path': 'client_id', 'Name': '/cfn-auth0-provider/clients/%s/client_secret' % name }] request = Request('Update', client, response['PhysicalResourceId']) request['OldResourceProperties'] = {} request['OldResourceProperties']['OutputParameters'] = outputs request['ResourceProperties']['OutputParameters'] = new_outputs response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] # check the client_id was written in the secret parameter parameter = ssm.get_parameter(Name=new_outputs[0]['Name'], WithDecryption=True) assert parameter['Parameter']['Value'] == client_id # check that the removed output is deleted. try: parameter = ssm.get_parameter(Name=outputs[0]['Name'], WithDecryption=True) assert False, '%s should not exist' % parameter['Parameter']['Name'] except ClientError as e: assert e.response['Error']['Code'] == 'ParameterNotFound' # delete physical_resource_id = response['PhysicalResourceId'] request = Request('Delete', {}, physical_resource_id) request['ResourceProperties']['OutputParameters'] = outputs response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] for parameter in outputs: try: parameter = ssm.get_parameter(Name=parameter['Name'], WithDecryption=True) assert False, '%s should not exist' % parameter['Name'] except ClientError as e: assert e.response['Error']['Code'] == 'ParameterNotFound' # Double delete works too request = Request('Delete', {}, physical_resource_id) request['ResourceProperties']['OutputParameters'] = outputs response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason']
def test_missing_mibps(): request = Request('Create', 'fs-doesnotexist', 'provisioned') del request['PhysicalResourceId'] response = handler(request, {}) assert response['Status'] == 'FAILED', response['Reason']
def test_create_incorrect_validation_method(email_certificate): request = Request('Create', email_certificate['CertificateArn']) response = handler(request, {}) assert response['Status'] == 'FAILED', response['Reason'] assert response['Reason'].startswith('domain is using validation method')
def test_create(): # create ca_name = "ca-%s" % uuid.uuid4() hostname = f"np17.{ca_name}" new_hostname = f"np17-2.{ca_name}" try: request = RootCertificateRequest("Create", ca_name) response = handler(request, {}) assert response["Status"] == "SUCCESS", response["Reason"] request = CertificateRequest("Create", ca_name, hostname) response = handler(request, {}) assert response["Data"]["CAName"] == ca_name assert response["Data"]["Hostname"] == hostname assert response["Status"] == "SUCCESS", response["Reason"] physical_resource_id = response.get("PhysicalResourceId") assert physical_resource_id request = CertificateRequest( "Update", ca_name, new_hostname, physical_resource_id=response["PhysicalResourceId"], ) request["OldResourceProperties"] = {"CAName": ca_name, "Hostname": hostname} update_response = handler(request, {}) assert update_response["Status"] == "SUCCESS", update_response["Reason"] assert "PhysicalResourceId" in response assert update_response["Data"]["CAName"] == ca_name assert update_response["Data"]["Hostname"] == new_hostname new_physical_resource_id = update_response.get("PhysicalResourceId") assert new_physical_resource_id assert physical_resource_id != new_physical_resource_id r = ssm.get_parameter(Name=new_physical_resource_id, WithDecryption=True) failed_update_response = handler(request, {}) assert failed_update_response["Status"] == "FAILED", failed_update_response[ "Reason" ] assert "already exists" in failed_update_response["Reason"] for resource_id, name in [ (physical_resource_id, hostname), (new_physical_resource_id, f"np17-2.{ca_name}"), ]: request = CertificateRequest( "Delete", ca_name, name, physical_resource_id=resource_id ) response = handler(request, {}) assert response["Status"] == "SUCCESS", response["Reason"] try: r = ssm.get_parameter(Name=resource_id) assert False, f"parameter {resource_id} still exists" except ssm.exceptions.ParameterNotFound: pass finally: pass handler(CertificateRequest("Delete", ca_name, hostname), {}) handler(CertificateRequest("Delete", ca_name, new_hostname), {}) handler(RootCertificateRequest("Delete", ca_name), {})
def test_all_stuff(): # create client name = 'test-%s' % uuid.uuid4() client = {'name': name} request = Request('Create', 'Custom::Auth0Client', client) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] client_id = response['PhysicalResourceId'] # create api api = {'name': name, 'identifier': 'urn:' + name} request = Request('Create', 'Custom::Auth0ResourceServer', api) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] api_id = response['PhysicalResourceId'] # create permission permission = { 'name': 'test-update:pets', 'description': 'update pets', 'applicationId': client_id, 'applicationType': 'client' } request = Request('Create', 'Custom::Authz0Permission', permission) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] permission_id = response['PhysicalResourceId'] # create role role = { 'name': name, 'description': 'role of {}'.format(name), 'applicationId': client_id, 'applicationType': 'client', 'permissions': [permission_id] } request = Request('Create', 'Custom::Authz0Role', role) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] role_id = response['PhysicalResourceId'] # create client client = {'name': name} request = Request('Create', 'Custom::Auth0Client', client) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] client_id = response['PhysicalResourceId'] # create connection connection_name = 'test-{}'.format(name.replace('-', '')[5:20]) connection = { 'name': connection_name, 'strategy': 'auth0', 'enabled_clients': [get_parameter('/cfn-auth0-provider/client_id'), client_id] } request = Request('Create', 'Custom::Auth0Connection', connection) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] connection_id = response['PhysicalResourceId'] time.sleep(0.5) # create user user = { 'name': name, 'connection': connection_name, 'email': '{}@auth0.local'.format(name), 'password': name } request = Request('Create', 'Custom::Auth0User', user) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] user_id = response['PhysicalResourceId'] # grant role to user user_role = {'user': user_id, 'role': role_id} request = Request('Create', 'Custom::Authz0UserRole', user_role) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] user_role_id = response['PhysicalResourceId'] # create group group = {'name': name, 'description': 'group of {}'.format(name)} request = Request('Create', 'Custom::Authz0Group', group) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] group_id = response['PhysicalResourceId'] # create group 2 group = { 'name': name + '-2', 'description': 'second group of {}'.format(name) } request = Request('Create', 'Custom::Authz0Group', group) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] group2_id = response['PhysicalResourceId'] # add user (member) to group group_member = {'group': group_id, 'member': user_id} request = Request('Create', 'Custom::Authz0GroupMember', group_member) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] group_member_id = response['PhysicalResourceId'] # grant role to group group_role = {'group': group_id, 'role': role_id} request = Request('Create', 'Custom::Authz0GroupRole', group_role) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] group_role_id = response['PhysicalResourceId'] # assigned group to group assignment = {'group': group_id, 'nested': group2_id} print(assignment) request = Request('Create', 'Custom::Authz0GroupNested', assignment) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] nested_group_id = response['PhysicalResourceId'] # create group mapping group_mapping_request = { 'group': group_id, 'groupName': 'googlers', 'connectionName': 'google-oauth2' } request = Request('Create', 'Custom::Authz0GroupMapping', group_mapping_request) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] group_mapping_id = response['PhysicalResourceId'] # update group mapping group_mapping_request = { 'group': group_id, 'groupName': 'googelaars', 'connectionName': 'google-oauth2' } request = Request('Update', 'Custom::Authz0GroupMapping', group_mapping_request, physical_resource_id=group_mapping_id) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] group_mapping_id_2 = response['PhysicalResourceId'] assert group_mapping_id != group_mapping_id_2 # delete group to group physical_resource_id = response['PhysicalResourceId'] request = Request('Delete', 'Custom::Authz0GroupNested', {}, nested_group_id) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] # delete group mapping 1 group_mapping_request = { 'group': group_id, 'groupName': 'googelaars', 'connectionName': 'google-oauth2' } request = Request('Delete', 'Custom::Authz0GroupMapping', group_mapping_request, physical_resource_id=group_mapping_id) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] # delete group mapping 2 group_mapping_request = { 'group': group_id, 'groupName': 'googelaars', 'connectionName': 'google-oauth2' } request = Request('Delete', 'Custom::Authz0GroupMapping', group_mapping_request, physical_resource_id=group_mapping_id_2) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] # delete group2 physical_resource_id = response['PhysicalResourceId'] request = Request('Delete', 'Custom::Authz0Group', {}, group2_id) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] # delete group physical_resource_id = response['PhysicalResourceId'] request = Request('Delete', 'Custom::Authz0Group', {}, group_id) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] # delete role physical_resource_id = response['PhysicalResourceId'] request = Request('Delete', 'Custom::Authz0Role', {}, role_id) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] # delete permission physical_resource_id = response['PhysicalResourceId'] request = Request('Delete', 'Custom::Authz0Permission', {}, permission_id) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] # delete api physical_resource_id = response['PhysicalResourceId'] request = Request('Delete', 'Custom::Auth0ResourceServer', {}, api_id) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] # delete client physical_resource_id = response['PhysicalResourceId'] request = Request('Delete', 'Custom::Auth0Client', {}, client_id) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason']
def test_search_shorthand(): request = Request("Create", "firewallRule", name="SMTP Server") response = handler(request, {}) assert response["Status"] == "SUCCESS", response["Reason"] assert "PhysicalResourceId" in response assert response["PhysicalResourceId"] is not None
def test_invalid_mibps(): request = Request('Create', 'fs-doesnotexist', 'provisioned', 'badshit') response = handler(request, {}) assert response['Status'] == 'FAILED', response['Reason']