def test_canonical_user():
identity = f"{uuid.uuid4()}.internal"
request = Request(
"Create", identity, {"CanonicalUser": "******"}
)
provider.set_request(request, {})
assert provider.is_valid_request(), provider.reason
def test_list_of_federated():
identity = f"{uuid.uuid4()}.internal"
request = Request(
"Create", identity, {"Federated": ["ecs.amazonaws.com", "eks.amazonaws.com"]}
)
provider.set_request(request, {})
assert provider.is_valid_request(), provider.reason
def test_invalid_principal():
identity = f"{uuid.uuid4()}.internal"
request = Request(
"Create",
identity,
{"FederatedUser": ["ecs.amazonaws.com", "eks.amazonaws.com"]},
)
provider.set_request(request, {})
assert not provider.is_valid_request(), provider.reason
def test_list_of_aws_root():
identity = f"{uuid.uuid4()}.internal"
request = Request(
"Create",
identity,
{"AWS": ["arn:aws:iam::111111111111:root", "arn:aws:iam::222222222222:root"]},
)
provider.set_request(request, {})
assert provider.is_valid_request(), provider.reason
def test_wildcard():
identity = f"{uuid.uuid4()}.internal"
provider.set_request(Request("Create", identity, "*"), {})
assert provider.is_valid_request(), provider.reason
def test_services():
identity = f"{uuid.uuid4()}.internal"
request = Request("Create", identity, {"Service": "ecs.amazonaws.com"})
provider.set_request(request, {})
assert provider.is_valid_request(), provider.reason
def test_simple_root():
identity = f"{uuid.uuid4()}.internal"
request = Request("Create", identity, {"AWS": "arn:aws:iam::111111111111:root"})
provider.set_request(request, {})
assert provider.is_valid_request(), provider.reason