def test_sid_group(self):
    """Verify SID grouping and policy rendering for a single S3 bucket ARN.

    One bucket ARN is added at the "Permissions management" access level.
    The test pins both the intermediate SID group and the rendered IAM
    policy to exact values: four bucket-scoped actions, an empty
    ``conditions`` list, and a ``Resource`` holding only the supplied ARN.
    These actions rewrite bucket policies and ACLs, so the exact-match
    assertions are what flag an unexpected extra action or a broadened
    resource in the generated policy.
    """
    # NOTE(review): db_session is not defined in this method; presumably a
    # module-level fixture - confirm.
    self.maxDiff = None  # report complete diffs when an assertion fails

    bucket_arn = "arn:aws:s3:::example-org-s3-access-logs"
    level = "Permissions management"
    sid_name = "S3PermissionsmanagementBucket"
    bucket_actions = (
        "s3:DeleteBucketPolicy",
        "s3:PutBucketAcl",
        "s3:PutBucketPolicy",
        "s3:PutBucketPublicAccessBlock",
    )

    group = SidGroup()
    group.add_by_arn_and_access_level(db_session, [bucket_arn], level)

    # Stage 1: the grouped-by-SID structure built from the ARN.
    status = group.get_sid_group()
    desired_output = {
        sid_name: {
            "arn": [bucket_arn],
            "service": "s3",
            "access_level": level,
            "arn_format": "arn:${Partition}:s3:::${BucketName}",
            "actions": list(bucket_actions),
            "conditions": [],
        }
    }
    self.assertEqual(status, desired_output)

    # Stage 2: the IAM policy document rendered from that group.
    rendered_policy = group.get_rendered_policy(db_session)
    desired_policy = {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": sid_name,
                "Effect": "Allow",
                "Action": list(bucket_actions),
                "Resource": [bucket_arn],
            }
        ],
    }
    self.assertDictEqual(desired_policy, rendered_policy)
def test_sid_group_multiple(self):
    """Verify SID grouping and policy rendering for an S3 and a KMS ARN.

    A bucket ARN and a KMS key ARN are added together at the
    "Permissions management" access level. The expected SID group holds one
    entry per service, and the expected policy holds one statement per
    entry, S3 first and KMS second. Each statement's ``Resource`` lists
    only the ARN of its own service, so the key-policy and grant actions
    are pinned to the key ARN and the bucket actions to the bucket ARN.
    """
    # NOTE(review): test_sid_group passes db_session to these SidGroup
    # calls and this test does not - confirm which signature is current.
    self.maxDiff = None  # report complete diffs when an assertion fails

    level = "Permissions management"
    s3_arn = "arn:aws:s3:::example-org-s3-access-logs"
    kms_arn = "arn:aws:kms:us-east-1:123456789012:key/123456"
    s3_sid = "S3PermissionsmanagementBucket"
    kms_sid = "KmsPermissionsmanagementKey"
    s3_actions = (
        "s3:DeleteBucketPolicy",
        "s3:PutBucketAcl",
        "s3:PutBucketPolicy",
        "s3:PutBucketPublicAccessBlock",
    )
    kms_actions = (
        "kms:CreateGrant",
        "kms:PutKeyPolicy",
        "kms:RetireGrant",
        "kms:RevokeGrant",
    )

    group = SidGroup()
    group.add_by_arn_and_access_level([s3_arn, kms_arn], level)

    # Stage 1: one SID entry per service/resource type.
    output = group.get_sid_group()
    print(json.dumps(output, indent=4))
    desired_output = {
        s3_sid: {
            "arn": [s3_arn],
            "service": "s3",
            "access_level": level,
            "arn_format": "arn:${Partition}:s3:::${BucketName}",
            "actions": list(s3_actions),
            "conditions": [],
        },
        kms_sid: {
            "arn": [kms_arn],
            "service": "kms",
            "access_level": level,
            "arn_format": "arn:${Partition}:kms:${Region}:${Account}:key/${KeyId}",
            "actions": list(kms_actions),
            "conditions": [],
        },
    }
    self.assertDictEqual(desired_output, output)

    # Stage 2: one policy statement per SID entry, in the same order.
    rendered_policy = group.get_rendered_policy()
    desired_policy = {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": s3_sid,
                "Effect": "Allow",
                "Action": list(s3_actions),
                "Resource": [s3_arn],
            },
            {
                "Sid": kms_sid,
                "Effect": "Allow",
                "Action": list(kms_actions),
                "Resource": [kms_arn],
            },
        ],
    }
    self.assertDictEqual(desired_policy, rendered_policy)