Exemplos de FullWildcardPrincipalRule em Python

Exemplo n.º 1

Arquivo: test_FullWildcardPrincipal.py Projeto: Yahyaberkdar/cfripper

def test_no_failures_are_raised(good_template):
    rule = FullWildcardPrincipalRule(None)
    result = rule.invoke(good_template)

    assert result.valid
    assert len(result.failed_rules) == 0
    assert len(result.failed_monitored_rules) == 0

Exemplo n.º 2

def test_failures_are_raised(bad_template):
    rule = FullWildcardPrincipalRule(None)
    result = rule.invoke(bad_template)

    assert not result.valid
    assert len(result.failed_rules) == 1
    assert len(result.failed_monitored_rules) == 0
    assert result.failed_rules[0].rule == "FullWildcardPrincipalRule"
    assert result.failed_rules[0].reason == "PolicyA should not allow wildcards in principals (principal: '*')"

Exemplo n.º 3

Arquivo: test_FullWildcardPrincipal.py Projeto: syllogy/cfripper

def test_failures_are_raised(bad_template):
    rule = FullWildcardPrincipalRule(None)
    result = rule.invoke(bad_template)

    assert not result.valid
    assert compare_lists_of_failures(
        result.failures,
        [
            Failure(
                rule_mode=RuleMode.BLOCKING,
                rule="FullWildcardPrincipalRule",
                reason=
                "PolicyA should not allow wildcards in principals (principal: '*')",
                granularity=RuleGranularity.RESOURCE,
                risk_value=RuleRisk.HIGH,
                actions=None,
                resource_ids={"PolicyA"},
            )
        ],
    )

Exemplo n.º 4

def test_failures_are_raised(bad_template):
    rule = FullWildcardPrincipalRule(None)
    result = rule.invoke(bad_template)

    assert not result.valid
    assert compare_lists_of_failures(
        result.failures,
        [
            Failure(
                rule_mode=RuleMode.BLOCKING,
                rule="FullWildcardPrincipalRule",
                reason=
                "PolicyA should not allow full wildcard '*', or wildcard in account ID like 'arn:aws:iam::*:12345' at '*'",
                granularity=RuleGranularity.RESOURCE,
                risk_value=RuleRisk.HIGH,
                actions=None,
                resource_ids={"PolicyA"},
                resource_types={"AWS::IAM::Policy"},
            )
        ],
    )

Exemplo n.º 5

Arquivo: test_FullWildcardPrincipal.py Projeto: syllogy/cfripper

def test_rule_supports_filter_config(bad_template, default_allow_all_config):
    rule = FullWildcardPrincipalRule(default_allow_all_config)
    result = rule.invoke(bad_template)

    assert result.valid
    assert compare_lists_of_failures(result.failures, [])

Exemplo n.º 6

Arquivo: test_FullWildcardPrincipal.py Projeto: syllogy/cfripper

def test_no_failures_are_raised(good_template):
    rule = FullWildcardPrincipalRule(None)
    result = rule.invoke(good_template)

    assert result.valid
    assert compare_lists_of_failures(result.failures, [])