def test_does_arn_match_case_3(self):
# Case 3: arn:partition:service:region:account-id:resourcetype/resource/qualifier
arn_to_test = "arn:aws:kinesis:us-east-1:account-id:firehose/myfirehose/consumer/someconsumer:${ConsumerCreationTimpstamp}"
arn_in_database = "arn:aws:kinesis:${Region}:${Account}:${StreamType}/${StreamName}/consumer/${ConsumerName}:${ConsumerCreationTimpstamp}"
# https://docs.aws.amazon.com/kinesis/latest/APIReference/API_ConsumerDescription.html
this_arn = ARN(arn_to_test)
self.assertTrue(this_arn.same_resource_type(arn_in_database))
def test_does_arn_match_case_6(self):
# Case 6: arn:partition:service:region:account-id:resourcetype:resource:qualifier
arn_to_test = (
"arn:aws:states:region:account-id:execution:stateMachineName:executionName"
)
arn_in_database = "arn:${Partition}:states:${Region}:${Account}:execution:${StateMachineName}:${ExecutionId}"
this_arn = ARN(arn_to_test)
self.assertTrue(this_arn.same_resource_type(arn_in_database))
def test_does_arn_match_case_1(self):
# Case 1: arn:partition:service:region:account-id:resource
arn_to_test = "arn:aws:codecommit:us-east-1:123456789012:MyDemoRepo"
arn_in_database = (
"arn:${Partition}:codecommit:${Region}:${Account}:${RepositoryName}"
)
this_arn = ARN(arn_to_test)
self.assertTrue(this_arn.same_resource_type(arn_in_database))
def test_gh_237_ssm_arns_with_paths(self):
"""test_gh_237_ssm_arns_with_paths: Test GitHub issue #204 with resource ARN paths"""
crud_template = {
"mode": "crud",
'read': ["arn:aws:ssm:::parameter/dev/foo/bar*"]
}
# result = write_policy_with_template(crud_template)
# print(json.dumps(result, indent=4))
arn = ARN("arn:aws:ssm:::parameter/dev/foo/bar*")
self.assertTrue(arn.same_resource_type("arn:aws:ssm:::parameter/dev"))
def test_does_arn_match_rds(self):
arns_to_test = [
"arn:${Partition}:rds:${Region}:${Account}:cluster:${DbClusterInstanceName}",
"arn:${Partition}:rds:${Region}:${Account}:cluster-endpoint:${DbClusterEndpoint}",
"arn:${Partition}:rds:${Region}:${Account}:cluster-pg:${ClusterParameterGroupName}",
"arn:${Partition}:rds:${Region}:${Account}:cluster-snapshot:${ClusterSnapshotName}",
"arn:${Partition}:rds:${Region}:${Account}:es:${SubscriptionName}",
"arn:${Partition}:rds:${Account}:global-cluster:${GlobalCluster}",
"arn:${Partition}:rds:${Region}:${Account}:og:${OptionGroupName}",
"arn:${Partition}:rds:${Region}:${Account}:pg:${ParameterGroupName}",
"arn:${Partition}:rds:${Region}:${Account}:db-proxy:${DbProxyId}",
"arn:${Partition}:rds:${Region}:${Account}:ri:${ReservedDbInstanceName}",
"arn:${Partition}:rds:${Region}:${Account}:secgrp:${SecurityGroupName}",
"arn:${Partition}:rds:${Region}:${Account}:snapshot:${SnapshotName}",
"arn:${Partition}:rds:${Region}:${Account}:subgrp:${SubnetGroupName}",
"arn:${Partition}:rds:${Region}:${Account}:target:${TargetId}",
"arn:${Partition}:rds:${Region}:${Account}:target-group:${TargetGroupId}"
]
arn_in_database = "arn:${Partition}:rds:${Region}:${Account}:db:${DbInstanceName}"
for arn in arns_to_test:
this_arn = ARN(arn)
self.assertFalse(this_arn.same_resource_type(arn_in_database))
arn_to_test = "arn:${Partition}:rds:${Region}:${Account}:cluster:${DbClusterInstanceName}"
this_arn = ARN(arn_to_test)
self.assertFalse(this_arn.same_resource_type(arn_in_database))
arn_to_test = "arn:${Partition}:rds:${Region}:${Account}:db:${DbInstanceName}"
arn_in_database = "arn:${Partition}:rds:${Region}:${Account}:db:${DbInstanceName}"
this_arn = ARN(arn_to_test)
self.assertTrue(this_arn.same_resource_type(arn_in_database))
def test_dynamodb_arn_matching_gh_215(self):
"""test_dynamodb_arn_matching_gh_215: Validate fix for DynamoDB arn mismatch in GitHub issue #215"""
index = "arn:${Partition}:dynamodb:${Region}:${Account}:table/${TableName}/index/${IndexName}"
stream = "arn:${Partition}:dynamodb:${Region}:${Account}:table/${TableName}/stream/${StreamLabel}"
table = "arn:${Partition}:dynamodb:${Region}:${Account}:table/${TableName}"
backup = "arn:${Partition}:dynamodb:${Region}:${Account}:table/${TableName}/backup/${BackupName}"
global_table = "arn:${Partition}:dynamodb::${Account}:global-table/${GlobalTableName}"
this_arn = ARN("arn:aws:dynamodb:us-east-1:123456789123:table/mytable")
self.assertTrue(this_arn.same_resource_type(table))
result = this_arn.same_resource_type(index)
self.assertFalse(result)
result = this_arn.same_resource_type(stream)
self.assertFalse(result)
result = this_arn.same_resource_type(backup)
self.assertFalse(result)
result = this_arn.same_resource_type(global_table)
self.assertFalse(result)
this_arn = "arn:aws:dynamodb:us-east-1:123456789123:table/mytable"
self.assertTrue(does_arn_match(this_arn, table))
self.assertFalse(does_arn_match(this_arn, index))
self.assertFalse(does_arn_match(this_arn, stream))
self.assertFalse(does_arn_match(this_arn, backup))
self.assertFalse(does_arn_match(this_arn, global_table))
def test_does_arn_match_resource_wildcard(self):
arn_to_test = "arn:${Partition}:rds:${Region}:${Account}:*:*"
arn_in_database = "arn:${Partition}:rds:${Region}:${Account}:db:${DbInstanceName}"
this_arn = ARN(arn_to_test)
self.assertTrue(this_arn.same_resource_type(arn_in_database))
# Make sure wrong service yields False
arn_to_test = "arn:${Partition}:s3:${Region}:${Account}:*:*"
arn_in_database = "arn:${Partition}:rds:${Region}:${Account}:db:${DbInstanceName}"
this_arn = ARN(arn_to_test)
self.assertFalse(this_arn.same_resource_type(arn_in_database))
def test_does_arn_match_case_greengrass(self):
# Undocumented case: AWS Greengrass: arn:aws:greengrass:${Region}:${Account}:/greengrass/definition/devices/${DeviceDefinitionId}/versions/${VersionId}
arn_to_test = "arn:aws:greengrass:${Region}:${Account}:/greengrass/definition/devices/1234567/versions/1"
arn_in_database = "arn:aws:greengrass:${Region}:${Account}:/greengrass/definition/devices/${DeviceDefinitionId}/versions/${VersionId}"
this_arn = ARN(arn_to_test)
self.assertTrue(this_arn.same_resource_type(arn_in_database))
def test_does_arn_match_case_5(self):
# Case 5: arn:partition:service:region:account-id:resourcetype:resource
arn_to_test = "arn:aws:states:region:account-id:stateMachine:stateMachineName"
arn_in_database = "arn:${Partition}:states:${Region}:${Account}:stateMachine:${StateMachineName}"
this_arn = ARN(arn_to_test)
self.assertTrue(this_arn.same_resource_type(arn_in_database))
def test_does_arn_match_case_4(self):
# Case 4: arn:partition:service:region:account-id:resourcetype/resource:qualifier
arn_to_test = "arn:aws:batch:region:account-id:job-definition/job-name:revision"
arn_in_database = "arn:${Partition}:batch:${Region}:${Account}:job-definition/${JobDefinitionName}:${Revision}"
this_arn = ARN(arn_to_test)
self.assertTrue(this_arn.same_resource_type(arn_in_database))
def test_does_arn_match_case_2(self):
# Case 2: arn:partition:service:region:account-id:resourcetype/resource
arn_to_test = "arn:aws:ssm:us-east-1:123456789012:parameter/test"
arn_in_database = "arn:${Partition}:ssm:${Region}:${Account}:parameter/${FullyQualifiedParameterName}"
this_arn = ARN(arn_to_test)
self.assertTrue(this_arn.same_resource_type(arn_in_database))
def test_does_arn_match_case_bucket(self):
# Case 1: arn:partition:service:region:account-id:resource
arn_to_test = "arn:aws:s3:::bucket_name"
arn_in_database = "arn:${Partition}:s3:::${BucketName}"
this_arn = ARN(arn_to_test)
self.assertTrue(this_arn.same_resource_type(arn_in_database))
def test_ssm_paths(self):
parameter_1 = ARN("arn:aws:ssm:::parameter/dev/foo/bar*")
parameter_2 = "arn:aws:ssm:::parameter/dev"
print(parameter_1.same_resource_type(parameter_2))
self.assertTrue(parameter_1.same_resource_type(parameter_2))