def test_manage_state_updates_nonmatching_permissions():
lambda_client_double = MagicMock()
# Policy actually: present Requested State: present Should: do nothing
lambda_client_double.get_policy.return_value = fake_policy_return
fake_module_params = copy.deepcopy(fake_module_params_different)
module_double.params = fake_module_params
lambda_policy.manage_state(module_double, lambda_client_double)
assert lambda_client_double.get_policy.call_count > 0
assert lambda_client_double.add_permission.call_count > 0
assert lambda_client_double.remove_permission.call_count > 0
def test_manage_state_removes_unwanted_permissions():
lambda_client_double = MagicMock()
# Policy actually: present Requested State: not present Should: remove
lambda_client_double.get_policy.return_value = fake_policy_return
fake_module_params = copy.deepcopy(fake_module_params_absent)
module_double.params = fake_module_params
lambda_policy.manage_state(module_double, lambda_client_double)
assert lambda_client_double.get_policy.call_count > 0
lambda_client_double.add_permission.assert_not_called()
assert lambda_client_double.remove_permission.call_count > 0
def test_manage_state_leaves_already_removed_permissions():
lambda_client_double = MagicMock()
# Policy actually: absent Requested State: absent Should: do nothing
lambda_client_double.get_policy.side_effect = resource_not_found_e
fake_module_params = copy.deepcopy(fake_module_params_absent)
module_double.params = fake_module_params
lambda_policy.manage_state(module_double, lambda_client_double)
assert lambda_client_double.get_policy.call_count > 0
lambda_client_double.add_permission.assert_not_called()
lambda_client_double.remove_permission.assert_not_called()
def test_manage_state_adds_missing_permissions():
lambda_client_double = MagicMock()
# Policy actually: not present Requested State: present Should: create
lambda_client_double.get_policy.side_effect = resource_not_found_e
fake_module_params = copy.deepcopy(fake_module_params_present)
module_double.params = fake_module_params
lambda_policy.manage_state(module_double, lambda_client_double)
assert lambda_client_double.get_policy.call_count > 0
assert lambda_client_double.add_permission.call_count > 0
lambda_client_double.remove_permission.assert_not_called()
def test_manage_state_leaves_already_removed_permissions():
lambda_client_double = MagicMock()
# Policy actually: absent Requested State: absent Should: do nothing
lambda_client_double.get_policy.side_effect = ClientError(error_response, operation_name)
fake_module_params = copy.deepcopy(fake_module_params_absent)
module_double.params = fake_module_params
lambda_policy.manage_state(module_double, lambda_client_double)
assert lambda_client_double.get_policy.call_count > 0
lambda_client_double.add_permission.assert_not_called()
lambda_client_double.remove_permission.assert_not_called()
def test_manage_state_removes_unwanted_permissions():
lambda_client_double = MagicMock()
# Policy actually: present Requested State: not present Should: remove
lambda_client_double.get_policy.return_value = fake_policy_return
fake_module_params = copy.deepcopy(fake_module_params_absent)
module_double.params = fake_module_params
lambda_policy.manage_state(module_double, lambda_client_double)
assert lambda_client_double.get_policy.call_count > 0
lambda_client_double.add_permission.assert_not_called()
assert lambda_client_double.remove_permission.call_count > 0
def test_manage_state_updates_nonmatching_permissions():
lambda_client_double = MagicMock()
# Policy actually: present Requested State: present Should: do nothing
lambda_client_double.get_policy.return_value = fake_policy_return
fake_module_params = copy.deepcopy(fake_module_params_different)
module_double.params = fake_module_params
lambda_policy.manage_state(module_double, lambda_client_double)
assert lambda_client_double.get_policy.call_count > 0
assert lambda_client_double.add_permission.call_count > 0
assert lambda_client_double.remove_permission.call_count > 0
