def setUp(self):
    """Build a User fixture and keep its transformed form on ``self.test_dict``.

    The user is created with two groups, one inline policy, a login
    profile and two managed-policy ARNs, then passed to ``transform_user``.
    """
    user = User('TestUser', groups=['group1', 'group2'])

    # Fixture only: an Allow statement with "*" as the action and "*" as the
    # third positional argument (presumably the resource). This is the
    # broadest grant a statement can express and is not a template for real
    # policies.
    inline = InlinePolicy('TestPolicy')
    wildcard_doc = PolicyDocument()
    wildcard_doc.add_statement(Statement("Allow", ["*"], "*"))
    inline.set_policy_document(wildcard_doc)
    user.add_policy(inline)

    # 'mypass' is a throwaway literal for the test, not a real credential.
    user.set_login_profile('mypass')
    user.set_managed_policy_arns(['arn1', 'arn2'])

    self.test_dict = transform_user(user)
def setUp(self):
    """Build a Group fixture and keep both of its transformed forms.

    ``self.test_dict`` receives ``transform_group(group)`` and
    ``self.test_mapping`` receives ``transform_group_users(group)``.
    """
    group = Group('TestGroup', users=['user1', 'user2'])

    # Fixture only: a wildcard Allow ("*" action, "*" as the third positional
    # argument, presumably the resource). Not a template for real policies.
    inline = InlinePolicy('TestPolicy')
    wildcard_doc = PolicyDocument()
    wildcard_doc.add_statement(Statement("Allow", ["*"], "*"))
    inline.set_policy_document(wildcard_doc)
    group.add_policy(inline)

    group.set_managed_policy_arns(['arn1', 'arn2'])

    self.test_dict = transform_group(group)
    self.test_mapping = transform_group_users(group)
def setUp(self):
    """Build the Group fixture that the tests read from ``self.test_group``.

    The group starts with two users, gets one inline policy and two
    managed-policy ARNs, and then has a third user added via ``add_users``.
    """
    group = Group('TestGroup', ['user1', 'user2'])

    # Fixture only: a wildcard Allow ("*" action, "*" as the third positional
    # argument, presumably the resource). Not a template for real policies.
    wildcard_doc = PolicyDocument()
    wildcard_doc.add_statement(Statement("Allow", ["*"], "*"))
    inline = InlinePolicy('TestPolicy')
    inline.set_policy_document(wildcard_doc)
    group.add_policy(inline)

    group.set_managed_policy_arns(['arn1', 'arn2'])
    group.add_users(['user3'])

    self.test_group = group
def setUp(self):
    """Build the Role fixture that the tests read from ``self.test_role``.

    The role gets an assume-role (trust) document and one inline policy
    named "root".
    """
    role = Role("RootRole")

    # Trust document: allows sts:AssumeRole for the ec2.amazonaws.com
    # service principal.
    trust_doc = PolicyDocument()
    trust_stmt = Statement("Allow", ["sts:AssumeRole"])
    trust_stmt.set_service_principal(["ec2.amazonaws.com"])
    trust_doc.add_statement(trust_stmt)

    # Fixture only: a wildcard Allow ("*" action, "*" as the third positional
    # argument, presumably the resource). Not a template for real policies.
    inline = InlinePolicy("root")
    wildcard_doc = PolicyDocument()
    wildcard_doc.add_statement(Statement("Allow", ["*"], "*"))
    inline.set_policy_document(wildcard_doc)

    role.set_assume_policy(trust_doc)
    role.add_policy(inline)

    self.test_role = role
def test_chaining(self):
    """Check that chained setter calls hand back the object being built.

    A User, a Group and a Role are each constructed through a single
    chained expression, and each result must still be an instance of the
    class the chain started from.
    """
    def s3_policy():
        # A fresh inline policy per caller, as in the original expressions.
        return InlinePolicy('MyPolicy').set_policy_document(
            PolicyDocument().add_statement(Statement('Allow', 's3:*', '*'))
        )

    # 'mypass' is a throwaway literal for the test, not a real credential.
    chained_user = (
        User('TestUser')
        .set_login_profile('mypass')
        .set_managed_policy_arns(['arn1', 'arn2'])
    )
    chained_group = Group('TestGroup').add_policy(s3_policy())
    chained_role = Role('TestRole').add_policy(s3_policy())

    for built, expected_type in (
        (chained_user, User),
        (chained_group, Group),
        (chained_role, Role),
    ):
        self.assertIsInstance(built, expected_type)
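from rack_iam import Role
from rack_iam import PolicyDocument, InlinePolicy
from rack_iam import Statement

# While objects should be created properly the first time,
# there may be instances such as user input data where that
# may not be possible. In such cases a few of the functional style
# parts of Python can be used to manipulate things:

# Role trusted by the lambda.amazonaws.com service principal, with one inline
# policy holding two Allow statements and one Deny statement (sid 'DenyEc2').
myRole = Role('TestRole').set_assume_policy(
    PolicyDocument().add_statement(
        Statement('Allow', 'sts:AssumeRole').set_service_principal(
            ['lambda.amazonaws.com']
        )
    )
).add_policy(
    InlinePolicy('MyPolicy').set_policy_document(
        PolicyDocument().add_statements([
            Statement('Allow', 's3:*', '*'),
            Statement('Allow', 'es:*', '*'),
            Statement('Deny', 'ec2:*', '*', sid='DenyEc2')
        ])
    )
)

# Drop the statement whose sid is 'DenyEc2'.
#
# A list is built here rather than assigning the result of filter(): on
# Python 3 filter() returns a lazy iterator, which supports neither len() nor
# indexing, so the prints below would raise TypeError. The list form behaves
# the same on Python 2 and 3.
#
# NOTE(review): in IAM an explicit Deny overrides an Allow from any other
# attached policy, so removing a Deny statement can widen the role's
# effective permissions. Treat a mutation like this as a permission change
# and review the resulting document before it is deployed.
myRole.policies[0].policy_document.statements = [
    statement
    for statement in myRole.policies[0].policy_document.statements
    if statement.sid != 'DenyEc2'
]

print(len(myRole.policies[0].policy_document.statements))
print(myRole.policies[0].policy_document.statements[0].action)
print(myRole.policies[0].policy_document.statements[1].action)

# python mutation.py
# 2
# s3:*
# es:*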
from rack_iam import Role from rack_iam import PolicyDocument, InlinePolicy from rack_iam import Statement # In some cases standard object construction can lead to a lot of temporary # variables. For example: myRole = Role('TestRole') assumed_policy_doc = PolicyDocument() lambda_assume = Statement('Allow', 'sts:AssumeRole') lambda_assume.set_service_principal(['lambda.amazonaws.com']) assumed_policy_doc.add_statement(lambda_assume) myRole.set_assume_policy(assumed_policy_doc) all_s3_policy = InlinePolicy('AllS3') all_s3_doc = PolicyDocument() all_s3_permissions = Statement('Allow', 's3:*', '*') all_s3_doc.add_statement(all_s3_permissions) all_s3_policy.set_policy_document(all_s3_doc) myRole.add_policy(all_s3_policy) # This can get pretty cumbersome and hard to read. To avoid the use of temporary # variables for one time type assignment you can use method chaining like so: myOtherRole = Role('TestRole').set_assume_policy( PolicyDocument().add_statement( Statement('Allow', 'sts:AssumeRole').set_service_principal( ['lambda.amazonaws.com'] ) ) ).add_policy(