def test_create(self):
    """Create a CloudWatch policy in the live account and verify what AWS stored.

    The policy is deleted up front so a leftover from an earlier run cannot
    affect the result. The closing delete is only reached when every
    assertion passes, so after a failure the policy stays in the account
    until the next run's up-front delete.
    """
    self.iam_policy = IAM_Policy('temp_policy__test_create')
    self.iam_policy.delete()  # clear any leftover from a previous run

    created = self.iam_policy.add_cloud_watch('arn:aws:abc').create()

    arn_template = 'arn:aws:iam::{0}:policy/{1}'
    wanted_arn = arn_template.format(self.account_id,
                                     self.iam_policy.policy_name)
    policy_data = created.get('data')

    assert created.get('status') == 'ok'
    assert created.get('policy_arn') == wanted_arn

    # Metadata returned for the new policy, checked in a fixed order.
    wanted_fields = {
        'Arn': wanted_arn,
        'Path': '/',
        'DefaultVersionId': 'v1',
        'PolicyName': self.iam_policy.policy_name,
    }
    for field_name, wanted_value in wanted_fields.items():
        assert policy_data.get(field_name) == wanted_value

    # The stored statement allows exactly the three log-writing actions on
    # the one resource passed to add_cloud_watch().
    wanted_statement = [{
        'Action': [
            'logs:CreateLogGroup',
            'logs:CreateLogStream',
            'logs:PutLogEvents',
        ],
        'Effect': 'Allow',
        'Resource': ['arn:aws:abc'],
    }]
    assert self.iam_policy.statement_from_aws() == wanted_statement

    assert self.iam_policy.delete() is True
def add_policy_for__lambda(self):
    """Create a CloudWatch Logs policy for this role and attach it to the role.

    The policy is named ``policy_<role_name>``. Its resource is the
    ``/aws/lambda/*`` log-group pattern in the region and account of the
    current AWS session.

    Returns:
        The value ``create()`` reported under ``policy_arn``. This is None
        when the result carries no ARN.
    """
    temp_policy_name = 'policy_{0}'.format(self.role_name)

    # Region is resolved first, then account id, each from its own AWS_Config().
    region_name = AWS_Config().aws_session_region_name()
    account_id = AWS_Config().aws_session_account_id()

    # NOTE(review): the trailing wildcard covers every log group under
    # /aws/lambda/ in this account and region, not only this role's function.
    # Narrow the resource if per-function scoping is intended.
    log_groups_arn = f'arn:aws:logs:{region_name}:{account_id}:log-group:/aws/lambda/*'

    creation = IAM_Policy(temp_policy_name).add_cloud_watch(log_groups_arn).create()
    policy_arn = creation.get('policy_arn')

    # NOTE(review): policy_arn may be None if create() did not succeed. The
    # attach call is made regardless, so confirm how it handles None.
    self.iam.role_policy_attach(policy_arn)
    return policy_arn
def add_policy_for__lambda(self):
    """Create a CloudWatch Logs policy for this role, attach it, and return self.

    The policy is named ``policy_<role_name>``. The ARN reported by
    ``create()`` is kept on ``self.policy_arn``. Returning ``self`` allows
    call chaining.
    """
    temp_policy_name = 'policy_{0}'.format(self.role_name)

    # NOTE(review): region and account id are hard-coded literals, so the
    # policy always targets that one account and region, whatever session
    # credentials are in use. Resolving them from the active session would
    # avoid pinning (and publishing) an account id in source.
    # NOTE(review): the trailing wildcard covers every log group under
    # /aws/lambda/, not only this role's function.
    arn_template = "arn:aws:logs:{0}:{1}:log-group:/aws/lambda/*"
    log_groups_arn = arn_template.format('eu-west-2', '244560807427')

    creation = IAM_Policy(temp_policy_name).add_cloud_watch(log_groups_arn).create()
    # .get() yields None when the result carries no ARN. The attach call
    # below still runs with that value.
    self.policy_arn = creation.get('policy_arn')
    self.iam.role_policy_attach(self.policy_arn)
    return self
def _test_lambda_write_cloud_watch__with_asserts(self):
    """End-to-end check that a Lambda can write to CloudWatch Logs once a
    narrowly scoped policy is attached to its role.

    The flow is: create a log group and stream, create a policy allowing only
    ``logs:PutLogEvents`` on that group, attach it to the invocation role,
    invoke the Lambda, verify the message arrived, then remove the policy and
    the log group.

    The leading underscore keeps default test discovery from collecting this
    method, so it only runs when called explicitly.

    NOTE(review): cleanup happens in the final statements only. If any
    earlier assertion fails, the policy stays attached to the role and the
    log group stays in the account until it is removed by hand or by a later
    run's ``delete_before_create``.
    """
    group_name = '/unit-tests/test_log_group'
    # Random stream name so repeated runs do not collide inside the group.
    stream_name = Misc.random_string_and_numbers(prefix='tmp_stream_')
    message = 'this is a message sent from an lambda function'
    lambda_name = 'osbot_aws.lambdas.dev.write_cloud_watch_log'
    # NOTE(review): region and account id are hard-coded in this ARN. The
    # trailing '*' matches the streams of this group and would also match any
    # other log group whose name starts with the same prefix.
    log_group_arn = 'arn:aws:logs:eu-west-2:244560807427:log-group:{0}*'.format(
        group_name)
    policy_name = 'temp_policy_for_lambda_write_cloud_watch'
    role_name = 'temp_role_for_lambda_invocation'
    # Only the write action is granted. Group and stream are created by the
    # test itself below, not by the Lambda.
    policy_actions = ['logs:PutLogEvents']
    logs = Logs(group_name=group_name, stream_name=stream_name)
    logs.group_create()
    logs.stream_create()
    iam_role = IAM(role_name=role_name)
    iam_policy = IAM_Policy(policy_name=policy_name)
    iam_policy.add_statement_allow(policy_actions, [log_group_arn])
    # delete_before_create=True presumably removes a same-named policy left
    # behind by an earlier run. Confirm against IAM_Policy.create.
    policy_arn = iam_policy.create(
        delete_before_create=True).get('policy_arn')
    # Preconditions: every resource the Lambda call depends on is in place.
    assert iam_policy.exists() is True
    assert iam_role.role_exists() is True
    assert logs.group_exists() is True
    assert logs.stream_exists() is True
    # Baseline: the role starts with exactly these two policies.
    assert set(iam_role.role_policies()) == {
        'AWSXrayWriteOnlyAccess', 'policy_temp_role_for_lambda_invocation'
    }
    iam_role.role_policy_attach(policy_arn)
    # After the attach the temporary policy is the only addition.
    assert set(iam_role.role_policies()) == {
        'AWSXrayWriteOnlyAccess', 'policy_temp_role_for_lambda_invocation',
        'temp_policy_for_lambda_write_cloud_watch'
    }
    sleep(10)  # wait for AWS to propagate role update
    payload = {
        'group_name': group_name,
        'stream_name': stream_name,
        'message': message
    }
    lambda_obj = Lambda_Package(lambda_name)  #.update_with_root_folder()
    result = lambda_obj.invoke(payload)
    sleep(1)  # wait for Cloudwatch to update
    assert result.get('status') == 'ok'
    assert logs.messages() == [message]
    # Cleanup. The last assertion shows the role is back to its baseline after
    # the policy delete, so delete() evidently detaches the policy as well.
    assert iam_policy.delete() is True
    assert logs.group_delete() is True
    assert logs.group_exists() is False
    assert set(iam_role.role_policies()) == {
        'AWSXrayWriteOnlyAccess', 'policy_temp_role_for_lambda_invocation'
    }
def test_create___bad_policy_statement(self):
    """Creating a policy that has no statements must fail and leave nothing behind.

    The expected response carries the service's MalformedPolicyDocument
    message, a ``policy_arn`` of None and an ``error`` status. The policy must
    not exist afterwards.
    """
    policy_name = 'temp_policy__test_create_no_policy'
    iam_policy = IAM_Policy(policy_name)

    wanted_response = {
        'data': 'An error occurred (MalformedPolicyDocument) when calling the CreatePolicy operation: Syntax errors in policy.',
        'policy_arn': None,
        'policy_name': policy_name,
        'status': 'error',
    }

    assert iam_policy.create() == wanted_response
    assert iam_policy.exists() is False
def setUp(self):
    """Prepare the account id and a fresh, unnamed IAM_Policy for each test."""
    # NOTE(review): the account id is a hard-coded literal. Tests that build
    # expected ARNs from it only pass against that one account, and the id is
    # published with the source. Reading it from the active AWS session would
    # avoid both.
    fixed_account_id = '244560807427'
    self.account_id = fixed_account_id
    self.iam_policy = IAM_Policy()
def test_statement(self):
    """A new IAM_Policy produces a policy document with no statements yet."""
    empty_document = {'Statement': [], 'Version': '2012-10-17'}
    assert IAM_Policy().statement() == empty_document
def test_create___no_policy_name(self):
    """create() on a policy without a name returns an error result."""
    outcome = IAM_Policy().create()
    wanted_outcome = {'data': 'policy name is None', 'status': 'error'}
    assert outcome == wanted_outcome
def test_lambda_policy_service_sqs(self):
    """Print whether the SQS-for-Lambda service policy ARN resolves to a policy.

    NOTE(review): nothing is asserted here. The result of ``exists()`` is
    only printed, so this test passes whatever value comes back.
    """
    sqs_lambda_policy_arn = self.iam_utils.arn_aws_policy_service_sqs_lambda
    iam_policy = IAM_Policy(policy_arn=sqs_lambda_policy_arn)
    policy_found = iam_policy.exists()
    pprint(policy_found)
def setUp(self):
    """Prepare the account id and a fresh, unnamed IAM_Policy for each test.

    The account id is read from the active AWS session, not fixed in source,
    so ARNs built from it follow whichever credentials the tests run with.
    """
    session_config = AWS_Config()
    self.account_id = session_config.aws_session_account_id()
    self.iam_policy = IAM_Policy()