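def test_iam_no_admin_list(self):
    """check_star_privileges must raise no issue for NO_ADMIN_POLICY_LIST.

    The fixture is loaded as the single inline policy ``MyPolicy`` of a mock
    IAM object. The audit-issue list has to be empty before the check and
    still empty after it, so this is the false-positive guard that pairs
    with the full-admin test.
    """
    import json
    from security_monkey.auditors.iam.iam_policy import IAMPolicyAuditor

    auditor = IAMPolicyAuditor(accounts=['unittest'])
    iamobj = MockIAMObj()
    # NOTE(review): NO_ADMIN_POLICY_LIST is defined elsewhere in the module;
    # presumably a policy document without a wildcard action. Confirm there.
    iamobj.config = {
        'InlinePolicies': dict(MyPolicy=json.loads(NO_ADMIN_POLICY_LIST))
    }

    # Precondition: a fresh mock carries no findings.
    # assertEqual rather than assertIs: the counts are compared by value;
    # identity of int objects is an interpreter detail, not a contract.
    self.assertEqual(
        len(iamobj.audit_issues), 0,
        "Policy should have 0 alert but has {}".format(len(iamobj.audit_issues)))

    auditor.check_star_privileges(iamobj)

    # The auditor must not have attached an issue to this policy.
    self.assertEqual(
        len(iamobj.audit_issues), 0,
        "Policy should have 0 alert but has {}".format(len(iamobj.audit_issues)))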
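def test_full_admin_list(self):
    """check_star_privileges must raise one issue for FULL_ADMIN_POLICY_LIST.

    The fixture is loaded as the single inline policy ``MyPolicy`` of a mock
    IAM object. After the check exactly one issue is expected, titled
    'Administrator Access'. The expected notes pair a wildcard action with a
    named resource ("someresource"), so the finding is asserted on the
    action wildcard even though the resource is not a wildcard.
    """
    import json
    from security_monkey.auditors.iam.iam_policy import IAMPolicyAuditor

    auditor = IAMPolicyAuditor(accounts=['unittest'])
    iamobj = MockIAMObj()
    iamobj.config = {
        'InlinePolicies': dict(MyPolicy=json.loads(FULL_ADMIN_POLICY_LIST))
    }

    # Precondition: a fresh mock carries no findings.
    # assertEqual rather than assertIs: the counts are compared by value;
    # identity of int objects is an interpreter detail, not a contract.
    self.assertEqual(
        len(iamobj.audit_issues), 0,
        "Policy should have 0 alert but has {}".format(len(iamobj.audit_issues)))

    auditor.check_star_privileges(iamobj)

    self.assertEqual(
        len(iamobj.audit_issues), 1,
        "Policy should have 1 alert but has {}".format(len(iamobj.audit_issues)))

    # assertEqual replaces the deprecated assertEquals alias, which newer
    # unittest releases no longer provide.
    finding = iamobj.audit_issues[0]
    self.assertEqual(finding.issue, 'Administrator Access')
    self.assertEqual(finding.notes, 'Actions: ["*"] Resources: ["someresource"]')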
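def test_iam_no_admin_list(self):
    """Verify that a non-admin inline policy produces no audit issue.

    NO_ADMIN_POLICY_LIST is parsed from JSON and attached to a mock IAM
    object as the inline policy ``MyPolicy``. The issue count is checked
    before and after ``check_star_privileges`` and must be zero both times.
    """
    import json
    from security_monkey.auditors.iam.iam_policy import IAMPolicyAuditor

    auditor = IAMPolicyAuditor(accounts=['unittest'])
    iamobj = MockIAMObj()
    # NOTE(review): the fixture's content is not visible here; presumably it
    # grants no wildcard action. Confirm against its definition.
    policy_document = json.loads(NO_ADMIN_POLICY_LIST)
    iamobj.config = {'InlinePolicies': dict(MyPolicy=policy_document)}

    # Value comparison (assertEqual) instead of assertIs: whether two equal
    # ints are the same object depends on the interpreter.
    issues_before = len(iamobj.audit_issues)
    self.assertEqual(
        issues_before, 0,
        "Policy should have 0 alert but has {}".format(issues_before))

    auditor.check_star_privileges(iamobj)

    # Still empty: the check must not flag this policy.
    issues_after = len(iamobj.audit_issues)
    self.assertEqual(
        issues_after, 0,
        "Policy should have 0 alert but has {}".format(issues_after))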
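def test_full_admin_list(self):
    """Verify that a full-admin inline policy produces exactly one issue.

    FULL_ADMIN_POLICY_LIST is parsed from JSON and attached to a mock IAM
    object as the inline policy ``MyPolicy``. After ``check_star_privileges``
    the single issue must be titled 'Administrator Access', and its notes
    must list the wildcard action together with the resource it applies to
    ("someresource"), which shows the finding is keyed on the action
    wildcard rather than on a wildcard resource.
    """
    import json
    from security_monkey.auditors.iam.iam_policy import IAMPolicyAuditor

    auditor = IAMPolicyAuditor(accounts=['unittest'])
    iamobj = MockIAMObj()
    policy_document = json.loads(FULL_ADMIN_POLICY_LIST)
    iamobj.config = {'InlinePolicies': dict(MyPolicy=policy_document)}

    # Value comparison (assertEqual) instead of assertIs: whether two equal
    # ints are the same object depends on the interpreter.
    issues_before = len(iamobj.audit_issues)
    self.assertEqual(
        issues_before, 0,
        "Policy should have 0 alert but has {}".format(issues_before))

    auditor.check_star_privileges(iamobj)

    issues_after = len(iamobj.audit_issues)
    self.assertEqual(
        issues_after, 1,
        "Policy should have 1 alert but has {}".format(issues_after))

    # assertEquals is a deprecated alias that newer unittest releases have
    # dropped; assertEqual is the supported spelling.
    self.assertEqual(iamobj.audit_issues[0].issue, 'Administrator Access')
    self.assertEqual(
        iamobj.audit_issues[0].notes,
        'Actions: ["*"] Resources: ["someresource"]')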