def test_policy_add_sqs_permissions_to_lambda_role(self): policy_name = self.iam_utils.arn_aws_policy_service_sqs_lambda.split( '/').pop(-1) with Temp_Lambda() as temp_lambda: lambda_name = temp_lambda.lambda_name iam_role_name = self.iam_utils.policy_add_sqs_permissions_to_lambda_role( lambda_name) iam_role = IAM_Role(role_name=iam_role_name) pprint(iam_role.info()) assert policy_name in iam_role.policies_statements() assert iam_role.exists() is True self.iam_utils.policy_remove_sqs_permissions_to_lambda_role( lambda_name) assert policy_name not in iam_role.policies_statements()
class test_IAM_Role(TestCase): def setUp(self): self.temp_role_name = 'test_IAM_Role__temp_role' self.iam_role = IAM_Role(role_name=self.temp_role_name) with AWS_Config() as aws_config: self.account_id = aws_config.aws_session_account_id() self.region = aws_config.aws_session_region_name() def tearDown(self) -> None: if self.iam_role.exists(): assert self.iam_role.delete() def test___init__(self): assert self.iam_role.iam.role_name == self.temp_role_name def test_create_for__code_build(self): result = self.iam_role.create_for__code_build() status = result.get('status') data = result.get('data') role_arn = result.get('role_arn') role_name = result.get('role_name') create_date = data.get('CreateDate') del data['RoleId'] del data['CreateDate'] expected_service = 'codebuild.amazonaws.com' expected_arn = 'arn:aws:iam::{0}:role/test_IAM_Role__temp_role'.format( self.account_id) expected_data = { 'Arn': expected_arn, 'AssumeRolePolicyDocument': { 'Statement': [{ 'Action': 'sts:AssumeRole', 'Effect': 'Allow', 'Principal': { 'Service': expected_service } }] }, 'Path': '/', 'RoleName': 'test_IAM_Role__temp_role' } assert status == 'ok' assert role_arn == expected_arn assert role_name == self.temp_role_name assert data == expected_data Assert(create_date).is_today() assert self.iam_role.create_for__code_build() == { 'data': 'role already exists', 'role_name': self.temp_role_name, 'role_arn': expected_arn, 'status': 'warning' } def test_create_for__lambda(self): self.iam_role.create_for__lambda().get('role_arn') role_info = self.iam_role.info() service = role_info.get('AssumeRolePolicyDocument').get( 'Statement')[0].get('Principal').get('Service') assert service == 'lambda.amazonaws.com' policy_statement = list( self.iam_role.policies_statements().values()).pop() assert policy_statement == [{ 'Action': [ 'logs:CreateLogGroup', 'logs:CreateLogStream', 'logs:PutLogEvents' ], 'Effect': 'Allow', 'Resource': [ 'arn:aws:logs:{0}:{1}:log-group:/aws/lambda/*'.format( self.region, self.account_id) ] }] def test_create_for_service_with_policies(self): policy_name = "Cloud_Watch" policies = { policy_name: { "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:DescribeLogGroups", "logs:DescribeLogStreams", "logs:PutLogEvents", "logs:GetLogEvents", "logs:FilterLogEvents" ], "Resource": "*" }] } } service = 'apigateway.amazonaws.com' recreate_policy = True project_name = self.temp_role_name result = self.iam_role.create_for_service_with_policies( service, policies, project_name, recreate_policy) assert result == { 'policies_arns': [ f'arn:aws:iam::{self.account_id}:policy/{policy_name}_{project_name}' ], 'role_arn': f'arn:aws:iam::{self.account_id}:role/{project_name}' } temp_policies_arns = result['policies_arns'] temp_policy_arn = result['policies_arns'][0] assert len(temp_policies_arns) == 1 assert self.iam_role.exists() assert self.iam_role.iam.policy_exists(temp_policy_arn) self.iam_role.delete() # will also delete all associated policies assert self.iam_role.iam.policy_not_exists(temp_policy_arn) assert self.iam_role.not_exists()