def test_crud_template(self):
desired_msg = """mode: crud
name: myrole
# Specify resource ARNs
read:
- ''
write:
- ''
list:
- ''
tagging:
- ''
permissions-management:
- ''
# Actions that do not support resource constraints
wildcard-only:
single-actions: # standalone actions
- ''
# Service-wide - like 's3' or 'ec2'
service-read:
- ''
service-write:
- ''
service-list:
- ''
service-tagging:
- ''
service-permissions-management:
- ''"""
crud_template = create_crud_template("myrole")
self.assertEqual(desired_msg, crud_template)
def test_crud_template(self):
desired_msg = """mode: crud
name: ''
# Specify resource ARNs
read:
- ''
write:
- ''
list:
- ''
tagging:
- ''
permissions-management:
- ''
# Actions that do not support resource constraints
wildcard-only:
single-actions: # standalone actions
- ''
# Service-wide - like 's3' or 'ec2'
service-read:
- ''
service-write:
- ''
service-list:
- ''
service-tagging:
- ''
service-permissions-management:
- ''
# Skip resource constraint requirements by listing actions here.
skip-resource-constraints:
- ''
# Exclude actions from the output by specifying them here. Accepts wildcards, like kms:Delete*
exclude-actions:
- ''
# If this policy needs to include an AssumeRole action
sts:
assume-role:
- ''
assume-role-with-saml:
- ''
assume-role-with-web-identity:
- ''
"""
crud_template = create_crud_template()
self.maxDiff = None
self.assertEqual(desired_msg, crud_template)
def create_template(output_file, template_type, name):
"""
Writes YML file templates for use in the write-policy
command, so users can fill out the fields
without needing to look up the required format.
"""
filename = Path(output_file).resolve()
if template_type == "actions":
actions_template = create_actions_template(name)
with open(filename, 'a') as file_obj:
for line in actions_template:
file_obj.write(line)
if template_type == "crud":
crud_template = create_crud_template(name)
with open(filename, 'a') as file_obj:
for line in crud_template:
file_obj.write(line)
print("write-policy template file written to:" + str(filename))
def create_template(output_file, template_type, verbose):
"""
Writes YML file templates for use in the write-policy
command, so users can fill out the fields
without needing to look up the required format.
"""
if verbose:
log_level = getattr(logging, verbose.upper())
set_stream_logger(level=log_level)
filename = Path(output_file).resolve()
if template_type == "actions":
actions_template = create_actions_template()
with open(filename, "a") as file_obj:
for line in actions_template:
file_obj.write(line)
if template_type == "crud":
crud_template = create_crud_template()
with open(filename, "a") as file_obj:
for line in crud_template:
file_obj.write(line)
print(f"write-policy template file written to: {filename}")
def test_crud_template(self):
desired_msg = """# Generate my policy when I know the access levels and ARNs
mode: crud
name: myrole
description: '' # For human auditability
role_arn: '' # For human auditability
# Insert ARNs under each access level below
# If you do not need to use certain access levels, delete them.
read:
- ''
write:
- ''
list:
- ''
tagging:
- ''
permissions-management:
- ''
# If the policy needs to use IAM actions that cannot be restricted to ARNs,
# like ssm:DescribeParameters, specify those actions here.
wildcard:
- ''"""
crud_template = create_crud_template("myrole")
self.assertEqual(desired_msg, crud_template)