Example #1
    def test_public(self):
        """Pin when the Public audit flags an API Gateway that has no policy.

        With an empty resource policy, a method that needs neither an API key
        nor an authorization type must produce a "high" finding; a method that
        requires an API key, or that sets an authorization type, must produce
        no finding at all (the audit generator is exhausted immediately).
        """

        def single_method(api_key_required, authorization_type):
            # One GET / method; only the two access-control fields vary.
            return [{
                "id": "0",
                "method": "GET",
                "path": "/",
                "apiKeyRequired": api_key_required,
                "authorizationType": authorization_type,
            }]

        gateway = APIGateway(
            "arn:aws:execute-api:eu-west-1:0:id/stage/method/path")

        # Case 1: no policy, no API key, no authorizer -> reported as public.
        finding = {
            "level": "high",
            "text": "Service is publicly accessible due to missing Resource-based policy",
        }
        gateway.policy = {}
        gateway.resources = single_method(False, "NONE")
        self.assertEqual(finding, next(Public(gateway).audit()))

        # Case 2: no policy, but the method requires an API key -> no finding.
        # NOTE(review): AWS documents API keys as a usage-plan identifier, not
        # an authentication or authorization control, so treating a key-only
        # method as non-public may hide real exposure. Confirm this is the
        # intended auditor behaviour (a lower-severity finding may fit better).
        gateway.resources = single_method(True, "NONE")
        with self.assertRaises(StopIteration):
            next(Public(gateway).audit())

        # Case 3: no policy, but IAM authorization is set -> no finding.
        # NOTE(review): only AWS_IAM is exercised; other authorization types
        # and a non-empty resource policy are not covered by this test.
        gateway.resources = single_method(False, "AWS_IAM")
        with self.assertRaises(StopIteration):
            next(Public(gateway).audit())
Example #2
    def test_public(self):
        """Exercise the Public audit against a policy-less API Gateway.

        Expected outcomes, all with ``policy == {}``:
          * no API key and authorization type NONE -> one "high" finding;
          * API key required                        -> audit yields nothing;
          * authorization type AWS_IAM              -> audit yields nothing.
        """
        api = APIGateway(
            'arn:aws:execute-api:eu-west-1:0:id/stage/method/path')
        api.policy = {}

        # Baseline method definition: completely unauthenticated GET /.
        open_method = {
            'id': '0',
            'method': 'GET',
            'path': '/',
            'apiKeyRequired': False,
            'authorizationType': 'NONE'
        }

        # The unauthenticated method must be reported as publicly accessible.
        api.resources = [dict(open_method)]
        first_finding = next(Public(api).audit())
        self.assertEqual(
            {
                'level':
                'high',
                'text':
                'Service is publicly accessible due to missing Resource-based policy'
            },
            first_finding)

        # Each override below is expected to silence the finding, so the
        # generator returned by audit() raises StopIteration on first next().
        # NOTE(review): the API-key case relies on the key as the only gate;
        # AWS advises against using API keys for authentication or
        # authorization, so confirm the auditor should stay silent here.
        quiet_overrides = (
            {'apiKeyRequired': True},          # API key required
            {'authorizationType': 'AWS_IAM'},  # authorization type set
        )
        for override in quiet_overrides:
            api.resources = [dict(open_method, **override)]
            with self.assertRaises(StopIteration):
                next(Public(api).audit())