def __init__(self, **kwargs):
    """Record that a trusted service principal has been granted access.

    Args:
        **kwargs: must contain ``ServicePrincipal``.

    Raises:
        InvalidInputException: ``self.trusted_service`` rejects the principal.
    """
    principal = kwargs["ServicePrincipal"]
    # The allow-list check runs before any attribute is set, so a rejected
    # principal never leaves state behind on the instance.
    if not self.trusted_service(principal):
        raise InvalidInputException(
            "You specified an unrecognized service principal."
        )
    self.service_principal = principal
    # utcnow() returns a naive datetime; consumers of date_enabled have to
    # treat it as UTC themselves.
    self.date_enabled = datetime.datetime.utcnow()
def detach_policy(self, **kwargs):
    """Detach a policy from a root, organizational unit or account.

    Args:
        **kwargs: must contain ``PolicyId`` and ``TargetId``.

    Raises:
        RESTError: ``TargetId`` has the root/OU shape but no entry of
            ``self.ou`` carries it (``OrganizationalUnitNotFoundException``).
        AccountNotFoundException: ``TargetId`` has the account shape but no
            entry of ``self.accounts`` carries it.
        InvalidInputException: ``TargetId`` matches none of the ID patterns.

    Detaching a policy that is not attached to the target is a silent no-op.
    """
    # The policy is resolved first, so whatever get_policy_by_id raises for a
    # bad PolicyId takes precedence over any TargetId error.
    policy = self.get_policy_by_id(kwargs["PolicyId"])
    target_id = kwargs["TargetId"]

    # NOTE(review): re.match anchors only at the start of the string. Unless
    # the patterns in utils carry their own end anchor (not visible here), an
    # ID with trailing characters passes this shape check and is reported as
    # "not found" rather than "invalid". _get_resource_for_tagging uses
    # utils.fullmatch instead; confirm which behaviour is intended.
    if re.match(utils.ROOT_ID_REGEX, target_id) or re.match(
        utils.OU_ID_REGEX, target_id
    ):
        pool, is_account = self.ou, False
    elif re.match(utils.ACCOUNT_ID_REGEX, target_id):
        pool, is_account = self.accounts, True
    else:
        raise InvalidInputException("You specified an invalid value.")

    target = next((item for item in pool if item.id == target_id), None)
    if target is None:
        if is_account:
            raise AccountNotFoundException
        raise RESTError(
            "OrganizationalUnitNotFoundException",
            "You specified an organizational unit that doesn't exist.",
        )

    # Both sides of the relationship are updated together so that
    # target.attached_policies and policy.attachments stay in step.
    if policy in target.attached_policies:
        target.attached_policies.remove(policy)
        policy.attachments.remove(target)
def attach_policy(self, **kwargs):
    """Attach a policy to a root, organizational unit or account.

    Args:
        **kwargs: must contain ``PolicyId`` and ``TargetId``.

    Raises:
        RESTError: ``TargetId`` has the root/OU shape but is not present in
            ``self.ou`` (``OrganizationalUnitNotFoundException``).
        AccountNotFoundException: ``TargetId`` has the account shape but is
            not present in ``self.accounts``.
        InvalidInputException: ``TargetId`` matches none of the ID patterns.

    Attaching a policy that is already attached changes nothing.
    """
    policy = self.get_policy_by_id(kwargs["PolicyId"])
    target_id = kwargs["TargetId"]

    def _find(collection):
        # First entry whose id equals the requested target, or None.
        return next((item for item in collection if item.id == target_id), None)

    # NOTE(review): match() checks a prefix only; an ID with trailing
    # characters is treated as well-formed unless the utils patterns end in
    # an explicit end anchor. Confirm against utils.
    if re.match(utils.ROOT_ID_REGEX, target_id) or re.match(
        utils.OU_ID_REGEX, target_id
    ):
        target = _find(self.ou)
        if target is None:
            raise RESTError(
                "OrganizationalUnitNotFoundException",
                "You specified an organizational unit that doesn't exist.",
            )
    elif re.match(utils.ACCOUNT_ID_REGEX, target_id):
        target = _find(self.accounts)
        if target is None:
            raise AccountNotFoundException
    else:
        raise InvalidInputException("You specified an invalid value.")

    # The membership guard keeps the two lists free of duplicate entries.
    if policy not in target.attached_policies:
        target.attached_policies.append(policy)
        policy.attachments.append(target)
def remove_service_principal(self, service_principal):
    """Drop a service principal from ``self.services``.

    Args:
        service_principal: key of the entry to remove.

    Raises:
        InvalidInputException: the principal is not a key of
            ``self.services``.
    """
    if service_principal in self.services:
        self.services.pop(service_principal)
        return
    # An unknown principal is reported to the caller, never silently ignored.
    raise InvalidInputException(
        "You specified an unrecognized service principal."
    )
def remove_policy_type(self, policy_type):
    """Disable a policy type that is currently enabled.

    Args:
        policy_type: policy type name to disable.

    Raises:
        InvalidInputException: ``FakePolicy.supported_policy_type`` rejects
            the value.
        PolicyTypeNotEnabledException: no entry of ``self.policy_types`` has
            this ``Type``.
    """
    if not FakePolicy.supported_policy_type(policy_type):
        raise InvalidInputException("You specified an invalid value.")

    is_enabled = any(
        entry["Type"] == policy_type for entry in self.policy_types
    )
    if not is_enabled:
        raise PolicyTypeNotEnabledException

    # list.remove compares whole dicts: an entry with this Type but a Status
    # other than "ENABLED" would raise ValueError here.
    self.policy_types.remove({"Type": policy_type, "Status": "ENABLED"})
def add_policy_type(self, policy_type):
    """Enable a policy type.

    Args:
        policy_type: policy type name to enable.

    Raises:
        InvalidInputException: the value is not in
            ``self.SUPPORTED_POLICY_TYPES``.
        PolicyTypeAlreadyEnabledException: an entry with this ``Type`` is
            already in ``self.policy_types``.
    """
    # Allow-list check first: unsupported names never reach the state below.
    if policy_type not in self.SUPPORTED_POLICY_TYPES:
        raise InvalidInputException("You specified an invalid value.")

    for entry in self.policy_types:
        if entry["Type"] == policy_type:
            raise PolicyTypeAlreadyEnabledException

    self.policy_types.append({"Type": policy_type, "Status": "ENABLED"})
def tag_resource(self, **kwargs):
    """Add or overwrite tags on an account.

    Args:
        **kwargs: must contain ``ResourceId`` and ``Tags`` (a list of
            ``{"Key": ..., "Value": ...}`` dicts).

    Raises:
        InvalidInputException: no entry of ``self.accounts`` has this ID.
    """
    # Only self.accounts is searched. The error text talks about a pattern
    # mismatch, but the condition that triggers it is "no such account".
    for account in self.accounts:
        if account.id == kwargs["ResourceId"]:
            break
    else:
        raise InvalidInputException(
            "You provided a value that does not match the required pattern."
        )

    # The mapping is built completely before it is applied, so a malformed
    # tag entry fails without leaving half of the tags written.
    incoming = {}
    for tag in kwargs["Tags"]:
        incoming[tag["Key"]] = tag["Value"]
    account.tags.update(incoming)
def list_tags_for_resource(self, **kwargs):
    """Return the tags of an account in ``{"Tags": [...]}`` form.

    Args:
        **kwargs: must contain ``ResourceId``.

    Returns:
        dict with a single ``Tags`` key holding ``{"Key", "Value"}`` dicts.

    Raises:
        InvalidInputException: no entry of ``self.accounts`` has this ID.
    """
    matches = (a for a in self.accounts if a.id == kwargs["ResourceId"])
    account = next(matches, None)
    # Lookup is limited to accounts; an unknown ID surfaces as a
    # pattern-mismatch message rather than a not-found error.
    if account is None:
        raise InvalidInputException(
            "You provided a value that does not match the required pattern."
        )

    tags = []
    for key, value in account.tags.items():
        tags.append({"Key": key, "Value": value})
    return {"Tags": tags}
def untag_resource(self, **kwargs):
    """Remove the given tag keys from an account.

    Args:
        **kwargs: must contain ``ResourceId`` and ``TagKeys``.

    Raises:
        InvalidInputException: no entry of ``self.accounts`` has this ID.

    Keys that are not present on the account are ignored.
    """
    account = None
    for candidate in self.accounts:
        if candidate.id == kwargs["ResourceId"]:
            account = candidate
            break
    if account is None:
        raise InvalidInputException(
            "You provided a value that does not match the required pattern."
        )

    for tag_key in kwargs["TagKeys"]:
        # pop with a default keeps removal of an absent key from raising.
        account.tags.pop(tag_key, None)
def describe_policy(self, **kwargs):
    """Return the description of the policy with the given ID.

    Args:
        **kwargs: must contain ``PolicyId``.

    Returns:
        Whatever ``describe()`` of the matching policy returns.

    Raises:
        InvalidInputException: ``PolicyId`` does not match
            ``utils.POLICY_ID_REGEX``.
        RESTError: the ID is well-formed but no entry of ``self.policies``
            has it (``PolicyNotFoundException``).
    """
    policy_id = kwargs["PolicyId"]
    # NOTE(review): match() anchors at the start only; whether trailing
    # characters are rejected depends on the pattern in utils - confirm.
    if re.match(utils.POLICY_ID_REGEX, policy_id) is None:
        raise InvalidInputException("You specified an invalid value.")

    for candidate in self.policies:
        if candidate.id == policy_id:
            return candidate.describe()

    raise RESTError(
        "PolicyNotFoundException",
        "You specified a policy that doesn't exist.",
    )
def list_children(self, **kwargs):
    """List the accounts or organizational units directly under a parent.

    Args:
        **kwargs: must contain ``ParentId`` and ``ChildType`` (``"ACCOUNT"``
            or ``"ORGANIZATIONAL_UNIT"``).

    Returns:
        ``{"Children": [{"Id": ..., "Type": ChildType}, ...]}``.

    Raises:
        InvalidInputException: ``ChildType`` is neither of the two accepted
            values. ``validate_parent_id`` runs first and may raise on its
            own.
    """
    # The value returned by validate_parent_id, not the raw input, is what
    # children are compared against.
    parent_id = self.validate_parent_id(kwargs["ParentId"])
    child_type = kwargs["ChildType"]

    if child_type == "ACCOUNT":
        pool = self.accounts
    elif child_type == "ORGANIZATIONAL_UNIT":
        pool = self.ou
    else:
        raise InvalidInputException("You specified an invalid value.")

    children = []
    for obj in pool:
        if obj.parent_id == parent_id:
            children.append({"Id": obj.id, "Type": child_type})
    return {"Children": children}
def add_service_principal(self, service_principal):
    """Register a service principal in ``self.services``.

    Args:
        service_principal: principal to register; also used as the dict key.

    Raises:
        AccountAlreadyRegisteredException: the principal is already a key of
            ``self.services``.
        InvalidInputException: ``self.supported_service`` rejects it.
    """
    # The duplicate check runs before the allow-list check, so a principal
    # that is already registered always yields the "already registered" error.
    if service_principal in self.services:
        raise AccountAlreadyRegisteredException

    if not self.supported_service(service_principal):
        raise InvalidInputException(
            "You specified an unrecognized service principal."
        )

    # utcnow() is naive; unix_time is handed that naive value unchanged.
    enabled_at = unix_time(datetime.datetime.utcnow())
    self.services[service_principal] = {
        "ServicePrincipal": service_principal,
        "DelegationEnabledDate": enabled_at,
    }
def disable_aws_service_access(self, **kwargs):
    """Remove a trusted service's entry from ``self.services``.

    Args:
        **kwargs: must contain ``ServicePrincipal``.

    Raises:
        InvalidInputException: ``FakeServiceAccess.trusted_service`` rejects
            the principal.

    A trusted principal that has no entry is accepted and nothing changes.
    """
    principal = kwargs["ServicePrincipal"]
    if not FakeServiceAccess.trusted_service(principal):
        raise InvalidInputException(
            "You specified an unrecognized service principal."
        )

    enabled = None
    for entry in self.services:
        if entry["ServicePrincipal"] == principal:
            enabled = entry
            break

    # Only the first matching entry is removed.
    if enabled:
        self.services.remove(enabled)
def list_delegated_administrators(self, **kwargs):
    """List delegated administrators, optionally filtered by service.

    Args:
        **kwargs: may contain ``ServicePrincipal``.

    Returns:
        ``{"DelegatedAdministrators": [admin.describe(), ...]}``.

    Raises:
        InvalidInputException: a ``ServicePrincipal`` was given and
            ``FakeDelegatedAdministrator.supported_service`` rejects it.
    """
    selected = self.admins
    service = kwargs.get("ServicePrincipal")

    # A missing or empty ServicePrincipal means "no filter": the allow-list
    # check below is skipped and every administrator is returned.
    if service:
        if not FakeDelegatedAdministrator.supported_service(service):
            raise InvalidInputException(
                "You specified an unrecognized service principal."
            )
        selected = [entry for entry in selected if service in entry.services]

    described = []
    for entry in selected:
        described.append(entry.describe())
    return {"DelegatedAdministrators": described}
def list_policies_for_target(self, **kwargs):
    """List the policies of one type attached to a root, OU or account.

    Args:
        **kwargs: must contain ``Filter`` (the policy type) and ``TargetId``.

    Returns:
        ``{"Policies": [...]}`` holding the ``PolicySummary`` of every
        attached policy whose ``type`` equals ``Filter``.

    Raises:
        TargetNotFoundException: root-shaped ID not present in ``self.ou``.
        RESTError: OU-shaped ID not present in ``self.ou``
            (``OrganizationalUnitNotFoundException``).
        AccountNotFoundException: account-shaped ID not present in
            ``self.accounts``.
        InvalidInputException: ``TargetId`` matches no ID pattern, or
            ``FakePolicy.supported_policy_type`` rejects ``Filter``.
        NotImplementedError: ``Filter`` is supported but is not one of the
            two types handled here.
    """
    policy_type = kwargs["Filter"]
    target_id = kwargs["TargetId"]

    def _lookup(collection):
        # First entry whose id equals the requested target, or None.
        return next((item for item in collection if item.id == target_id), None)

    # The target is resolved before the filter is validated, so a request
    # with both a bad target and a bad filter reports the target error.
    # NOTE(review): match() checks a prefix only; confirm whether the utils
    # patterns reject trailing characters themselves.
    if re.match(utils.ROOT_ID_REGEX, target_id):
        target = _lookup(self.ou)
        if target is None:
            raise TargetNotFoundException
    elif re.match(utils.OU_ID_REGEX, target_id):
        target = _lookup(self.ou)
        if target is None:
            raise RESTError(
                "OrganizationalUnitNotFoundException",
                "You specified an organizational unit that doesn't exist.",
            )
    elif re.match(utils.ACCOUNT_ID_REGEX, target_id):
        target = _lookup(self.accounts)
        if target is None:
            raise AccountNotFoundException
    else:
        raise InvalidInputException("You specified an invalid value.")

    if not FakePolicy.supported_policy_type(policy_type):
        raise InvalidInputException("You specified an invalid value.")

    implemented = ("AISERVICES_OPT_OUT_POLICY", "SERVICE_CONTROL_POLICY")
    if policy_type not in implemented:
        raise NotImplementedError(
            "The {0} policy type has not been implemented".format(policy_type)
        )

    summaries = []
    for attached in target.attached_policies:
        if attached.type == policy_type:
            summaries.append(attached.describe()["Policy"]["PolicySummary"])
    return {"Policies": summaries}
def list_targets_for_policy(self, **kwargs):
    """List every target a policy is attached to.

    Args:
        **kwargs: must contain ``PolicyId``.

    Returns:
        ``{"Targets": [...]}`` with ``TargetId``, ``Arn``, ``Name`` and
        ``Type`` for each entry of the policy's ``attachments``.

    Raises:
        InvalidInputException: ``PolicyId`` does not match
            ``utils.POLICY_ID_REGEX``.
        RESTError: the ID is well-formed but no entry of ``self.policies``
            has it (``PolicyNotFoundException``).
    """
    policy_id = kwargs["PolicyId"]
    # NOTE(review): prefix match only; whether trailing characters are
    # rejected depends on the pattern in utils - confirm.
    if re.match(utils.POLICY_ID_REGEX, policy_id) is None:
        raise InvalidInputException("You specified an invalid value.")

    policy = next((p for p in self.policies if p.id == policy_id), None)
    if policy is None:
        raise RESTError(
            "PolicyNotFoundException",
            "You specified a policy that doesn't exist.",
        )

    targets = []
    for attached in policy.attachments:
        targets.append(
            {
                "TargetId": attached.id,
                "Arn": attached.arn,
                "Name": attached.name,
                "Type": attached.type,
            }
        )
    return {"Targets": targets}
def _get_resource_for_tagging(self, resource_id):
    """Resolve a resource ID to the OU, root, account or policy it names.

    Args:
        resource_id: ID whose shape selects the collection to search.

    Returns:
        The first entry of the selected collection whose ``id`` equals
        ``resource_id``.

    Raises:
        InvalidInputException: the ID fully matches none of the OU, root,
            account or policy patterns.
        TargetNotFoundException: the ID is well-formed but no entry has it.
    """
    # utils.fullmatch is used for the shape check here, so the whole ID is
    # expected to match, not just a prefix.
    if utils.fullmatch(
        re.compile(utils.OU_ID_REGEX), resource_id
    ) or utils.fullmatch(utils.ROOT_ID_REGEX, resource_id):
        pool = self.ou
    elif utils.fullmatch(re.compile(utils.ACCOUNT_ID_REGEX), resource_id):
        pool = self.accounts
    elif utils.fullmatch(re.compile(utils.POLICY_ID_REGEX), resource_id):
        pool = self.policies
    else:
        raise InvalidInputException(
            "You provided a value that does not match the required pattern."
        )

    for candidate in pool:
        if candidate.id == resource_id:
            return candidate
    raise TargetNotFoundException
def __init__(self, organization, **kwargs):
    """Build a policy that belongs to ``organization``.

    Args:
        organization: object providing ``id`` and ``master_account_id``.
        **kwargs: optional ``Content``, ``Description``, ``Name`` and
            ``Type``; missing keys are stored as ``None``.

    Raises:
        InvalidInputException: ``FakePolicy.supported_policy_type`` rejects
            ``Type``.
        NotImplementedError: ``Type`` is supported but has no ARN format
            wired up here.
    """
    # Content is stored exactly as supplied; this constructor does not
    # inspect or validate the policy document.
    for attr, key in (
        ("content", "Content"),
        ("description", "Description"),
        ("name", "Name"),
        ("type", "Type"),
    ):
        setattr(self, attr, kwargs.get(key))

    self.id = utils.make_random_policy_id()
    self.aws_managed = False
    self.organization_id = organization.id
    self.master_account_id = organization.master_account_id
    self.attachments = []

    # The type is validated after the attributes above are set, as in the
    # original ordering; a rejected type still aborts construction.
    policy_type = self.type
    if not FakePolicy.supported_policy_type(policy_type):
        raise InvalidInputException("You specified an invalid value.")

    if policy_type == "AISERVICES_OPT_OUT_POLICY":
        self._arn_format = utils.AI_POLICY_ARN_FORMAT
    elif policy_type == "SERVICE_CONTROL_POLICY":
        self._arn_format = utils.SCP_ARN_FORMAT
    else:
        raise NotImplementedError(
            "The {0} policy type has not been implemented".format(policy_type)
        )