def test_allow_and_deny():
    '''Build a policy that carries one Allow and one Deny statement.

    The expected document lists the Allow statement first and the Deny
    statement second, in the order the builder calls were made.
    '''
    get_arn = MethodArn('us-east-1', 'accountid', method='GET')
    delete_arn = MethodArn('us-east-1', 'accountid', method='DELETE', resource='spam/*')

    built = AuthPolicy(USER).allow(get_arn).deny(delete_arn).build()

    allow_statement = {
        'Action': 'execute-api:Invoke',
        'Effect': 'Allow',
        'Resource': [str(get_arn)],
    }
    # The deny covers every DELETE below spam/ through the trailing wildcard.
    deny_statement = {
        'Action': 'execute-api:Invoke',
        'Effect': 'Deny',
        'Resource': [str(delete_arn)],
    }
    expected = {
        'principalId': 'user1',
        'context': {'authorities': 'authority1,authority2'},
        'policyDocument': {
            'Version': '2012-10-17',
            'Statement': [allow_statement, deny_statement],
        },
    }
    assert built == expected
def test_copy_invalid_method():
    '''copy() must reject an HTTP method name it does not recognise.'''
    source = 'arn:aws:execute-api:us-east-1:1234567890:abcdefgh/latest/DELETE/foo/bar/123'
    parsed = MethodArn.parse(source)

    # An unknown verb has to fail with ValueError instead of yielding an ARN
    # that could end up in a policy statement.
    with pytest.raises(ValueError):
        parsed.copy(method='LOLCATS')
def test_copy_to_root_resource():
    '''Copy an ARN onto the root resource (empty resource path).'''
    source = 'arn:aws:execute-api:us-east-1:1234567890:abcdefgh/latest/GET/some/path'
    original = MethodArn.parse(source)

    # An empty string must be kept as-is, not treated as "argument omitted".
    rooted = original.copy(resource='')
    assert rooted.resource == ''
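    def parse(cls, event):
        '''Parse the AWS-provided authorization event.

        ``event['authorizationToken']`` must consist of exactly two fields
        separated by a single space: the token type, then the access token.
        A missing, non-string or malformed token raises
        ``Exception('Unauthorized')``; a Lambda authorizer that fails with
        that message makes API Gateway answer 401 instead of 500.

        Errors from ``event['methodArn']`` or ``MethodArn.parse`` are not
        caught here and propagate unchanged.
        '''
        try:
            token_type, access_token = event['authorizationToken'].split(' ')
        except (KeyError, TypeError, AttributeError, ValueError):
            # KeyError / TypeError: the event carries no usable token field.
            # AttributeError: the token is not a string.
            # ValueError: the token does not split into exactly two fields.
            # None of these exception messages contain the token text, so
            # printing the traceback does not write the credential to the log.
            print_exc()
            raise Exception('Unauthorized')

        return cls(token_type, access_token,
                   MethodArn.parse(event['methodArn']))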
def test_wildcard():
    '''Parse an ARN whose resource is the ``*`` wildcard.'''
    source = 'arn:aws:execute-api:us-east-1:1234567890:abcdefgh/latest/DELETE/*'
    parsed = MethodArn.parse(source)

    # Round trip: rendering the parsed ARN gives back the input string.
    assert str(parsed) == source

    assert parsed.region == 'us-east-1'
    assert parsed.account_id == '1234567890'
    assert parsed.rest_api_id == 'abcdefgh'
    assert parsed.stage == 'latest'
    assert parsed.method == HttpMethod.DELETE
    # The wildcard is kept literally as the resource.
    assert parsed.resource == '*'
def test_copy():
    '''Copy an ARN while replacing its method and resource.'''
    source = 'arn:aws:execute-api:us-east-1:1234567890:abcdefgh/latest/DELETE/foo/bar/123'
    original = MethodArn.parse(source)
    assert str(original) == source

    changed = original.copy(method='PUT', resource='spam/ham/eggs')

    # The method given as a string comes back as the HttpMethod member.
    assert changed.method == HttpMethod.PUT
    assert changed.resource == 'spam/ham/eggs'

    # Region, account, API id and stage are carried over from the original.
    expected = 'arn:aws:execute-api:us-east-1:1234567890:abcdefgh/latest/PUT/spam/ham/eggs'
    assert str(changed) == expected
def test_nested_resource():
    '''Parse an ARN whose resource path has several segments.'''
    source = 'arn:aws:execute-api:us-east-1:1234567890:abcdefgh/staging/GET/spam/ham/eggs'
    parsed = MethodArn.parse(source)

    # Round trip: rendering the parsed ARN gives back the input string.
    assert str(parsed) == source

    assert parsed.region == 'us-east-1'
    assert parsed.account_id == '1234567890'
    assert parsed.rest_api_id == 'abcdefgh'
    assert parsed.stage == 'staging'
    assert parsed.method == HttpMethod.GET
    # Everything after the method is the resource, inner slashes included.
    assert parsed.resource == 'spam/ham/eggs'
def test_allow_method():
    '''Generate a policy with a single allowed method.'''
    get_arn = MethodArn('us-east-1', 'accountid', method='GET')
    built = AuthPolicy(USER).allow(get_arn).build()

    # Exactly one statement is expected: no implicit extra Allow or Deny.
    expected = {
        'principalId': 'user1',
        'context': {'authorities': 'authority1,authority2'},
        'policyDocument': {
            'Version': '2012-10-17',
            'Statement': [
                {
                    'Action': 'execute-api:Invoke',
                    'Effect': 'Allow',
                    'Resource': [str(get_arn)],
                },
            ],
        },
    }
    assert built == expected
def test_anonymous_user():
    '''Build the policy for a request that has no user.

    With ``None`` as the user, the principal is ``anonymous`` and the only
    authority is ``ROLE_ANONYMOUS``.
    '''
    everything = MethodArn('us-east-1', 'accountid', HttpMethod.ALL, '*')
    built = AuthPolicy(None).deny(everything).build()

    # The single statement denies every method on every resource.
    deny_all = {
        'Action': 'execute-api:Invoke',
        'Effect': 'Deny',
        'Resource': [str(everything)],
    }
    expected = {
        'principalId': 'anonymous',
        'context': {'authorities': 'ROLE_ANONYMOUS'},
        'policyDocument': {
            'Version': '2012-10-17',
            'Statement': [deny_all],
        },
    }
    assert built == expected
def test_with_tilde():
    '''Parse a resource path that contains a tilde.'''
    source = 'arn:aws:execute-api:us-east-1:1234567890:abcdefgh/latest/GET/some/path~foo'
    parsed = MethodArn.parse(source)

    # '~' is accepted and kept verbatim in the resource.
    assert parsed.resource == 'some/path~foo'
def test_empty_resource():
    '''Parse an ARN that ends right after the method's trailing slash.'''
    source = 'arn:aws:execute-api:us-east-1:1234567890:abcdefgh/latest/GET/'
    parsed = MethodArn.parse(source)

    # Nothing follows the slash, so the resource is the empty string.
    assert parsed.resource == ''
def test_invalid_resource():
    '''Reject an ARN whose resource holds a disallowed character.'''
    source = 'arn:aws:execute-api:us-east-1:1234567890:abcdefgh/latest/GET/foo;bar'

    # ';' in the resource must make parsing fail with ValueError, so such
    # a string never becomes a MethodArn.
    with pytest.raises(ValueError):
        MethodArn.parse(source)
def test_leading_resource_slash():
    '''Parse an ARN with an extra slash in front of the resource.'''
    source = 'arn:aws:execute-api:us-east-1:1234567890:abcdefgh/latest/GET//foo/bar/123'
    parsed = MethodArn.parse(source)

    assert parsed.method == HttpMethod.GET
    # The extra slash is dropped, so the stored resource differs from the
    # raw text that followed the method in the input.
    assert parsed.resource == 'foo/bar/123'
def test_invalid_method():
    '''Reject an ARN whose method segment is not a known HTTP method.'''
    source = 'arn:aws:execute-api:us-east-1:1234567890:abcdefgh/latest/LOLCATS/foo/bar/123'

    # Parsing has to fail with ValueError rather than accept the unknown verb.
    with pytest.raises(ValueError):
        MethodArn.parse(source)