def test_retrieval_of_dns_record(certificate):
request = Request("Create", certificate["CertificateArn"])
response = handler(request, {})
assert response["Status"] == "SUCCESS", response["Reason"]
assert "Name" in response["Data"]
assert "Type" in response["Data"]
assert "Value" in response["Data"]
assert response["Data"]["Type"] == "CNAME"
assert "PhysicalResourceId" in response
record_name = response["Data"]["Name"]
physical_resource_id = response["PhysicalResourceId"]
assert physical_resource_id == record_name
request = Request(
"Create",
certificate["CertificateArn"],
certificate["SubjectAlternativeNames"][1],
)
response = handler(request, {})
assert response["Status"] == "SUCCESS", response["Reason"]
assert "Name" in response["Data"]
assert "Type" in response["Data"]
assert "Value" in response["Data"]
assert response["Data"]["Type"] == "CNAME"
assert "PhysicalResourceId" in response
assert record_name != response["Data"]["Name"]
assert physical_resource_id != response["PhysicalResourceId"]
def test_update():
# create
value = 'v%s' % uuid.uuid4()
request = Request('Create', value, resource_type='Custom::WorkspacesDirectoryRegistration')
response = handler(request, {})
assert response['Status'] == 'SUCCESS', response['Reason']
assert 'PhysicalResourceId' in response
assert 'Value' in response['Data']
assert response['Data']['Value'] == value
# update to a new value
new_value = 'new-%s' % value
physical_resource_id = response['PhysicalResourceId']
request = Request('Update', new_value, physical_resource_id, resource_type='Custom::WorkspacesDirectoryRegistration')
response = handler(request, {})
assert response['Status'] == 'SUCCESS', response['Reason']
assert 'PhysicalResourceId' in response
assert 'Value' in response['Data']
assert response['Data']['Value'] == new_value
# delete the last created
physical_resource_id = response['PhysicalResourceId']
request = Request('Delete', new_value, physical_resource_id)
assert response['Status'] == 'SUCCESS', response['Reason']
def test_refresh_on_update():
# create
ca_name = "ca-%s" % uuid.uuid4()
request = RootCertificateRequest("Create", ca_name)
response = handler(request, {})
assert response["Status"] == "SUCCESS", response["Reason"]
hash = response["Data"]["Hash"]
physical_resource_id = response.get("PhysicalResourceId")
request = RootCertificateRequest("Update",
ca_name,
physical_resource_id=physical_resource_id)
response = handler(request, {})
assert response["Status"] == "SUCCESS", response["Reason"]
assert response.get("PhysicalResourceId") == physical_resource_id
assert "PublicCertPEM" in response["Data"]
assert response["Data"]["Hash"] == hash
request["ResourceProperties"]["RefreshOnUpdate"] = True
response = handler(request, {})
assert response["Status"] == "SUCCESS", response["Reason"]
assert response.get("PhysicalResourceId") == physical_resource_id
assert "PublicCertPEM" in response["Data"]
assert response["Data"]["Hash"] != hash
request = RootCertificateRequest("Delete",
ca_name,
physical_resource_id=physical_resource_id)
response = handler(request, {})
assert response["Status"] == "SUCCESS", response["Reason"]
def test_create_group():
# create
name = 'n%s' % uuid.uuid4()
group = {'name': name, 'description': 'group of {}'.format(name)}
request = Request('Create', group)
response = handler(request, {})
assert response['Status'] == 'SUCCESS', response['Reason']
assert 'PhysicalResourceId' in response
# duplicate create should fail...
err_response = handler(request, {})
assert err_response['Status'] == 'FAILED'
# update
group['description'] = 'groep van {}'.format(name)
request = Request('Update', group, response['PhysicalResourceId'])
response = handler(request, {})
print(json.dumps(response, indent=2))
assert response['Status'] == 'SUCCESS', response['Reason']
assert 'PhysicalResourceId' in response
# delete
physical_resource_id = response['PhysicalResourceId']
request = Request('Delete', {}, physical_resource_id)
response = handler(request, {})
assert response['Status'] == 'SUCCESS', response['Reason']
# duplicate delete is ok...
err_response = handler(request, {})
assert err_response['Status'] == 'SUCCESS'
def test_create():
# create
client = json.loads(json.dumps(sample_client))
client['name'] = 'n%s' % uuid.uuid4()
request = Request('Create', client)
response = handler(request, {})
assert response['Status'] == 'SUCCESS', response['Reason']
assert 'PhysicalResourceId' in response
assert 'ClientId' in response['Data']
assert response['PhysicalResourceId'] == response['Data']['ClientId']
# update
request = Request('Update', client, response['PhysicalResourceId'])
response = handler(request, {})
print json.dumps(response, indent=2)
assert response['Status'] == 'SUCCESS', response['Reason']
assert 'PhysicalResourceId' in response
assert 'ClientId' in response['Data']
assert response['PhysicalResourceId'] == response['Data']['ClientId']
# delete
physical_resource_id = response['PhysicalResourceId']
request = Request('Delete', {}, physical_resource_id)
response = handler(request, {})
assert response['Status'] == 'SUCCESS', response['Reason']
def test_create():
# create
client = json.loads(json.dumps(sample_client))
client['name'] = 'n%s' % uuid.uuid4()
request = Request('Create', client)
response = handler(request, {})
assert response['Status'] == 'SUCCESS', response['Reason']
assert 'PhysicalResourceId' in response
assert 'ClientId' in response['Data']
assert response['PhysicalResourceId'] == response['Data']['ClientId']
# update
request = Request('Update', client, response['PhysicalResourceId'])
response = handler(request, {})
print(json.dumps(response, indent=2))
assert response['Status'] == 'SUCCESS', response['Reason']
assert 'PhysicalResourceId' in response
assert 'ClientId' in response['Data']
assert response['PhysicalResourceId'] == response['Data']['ClientId']
# delete
physical_resource_id = response['PhysicalResourceId']
request = Request('Delete', {}, physical_resource_id)
response = handler(request, {})
assert response['Status'] == 'SUCCESS', response['Reason']
# delete incorrect physical resource id
request = Request('Delete', {}, 'devapi-consumeradmin-ManageOwnConsumersPermission-Y38O818GY2PV')
response = handler(request, {})
assert response['Status'] == 'SUCCESS', response['Reason']
def test_create_incorrect_validation_method():
cert = email_certificate()
request = Request("Create", cert["CertificateArn"])
response = handler(request, {})
assert response["Status"] == "FAILED", response["Reason"]
assert response["Reason"].startswith("domain is using validation method")
def test_retrieval_of_non_existing_domain_name(certificate):
request = Request('Update', certificate['CertificateArn'])
request['ResourceProperties']['DomainName'] = 'nonexisting.domain.name'
response = handler(request, {})
assert response['Status'] == 'FAILED', response['Reason']
assert response['Reason'].startswith(
'No validation option found for domain')
def test_retrieval_of_non_existing_domain_name(certificate):
request = Request("Update", certificate["CertificateArn"])
request["ResourceProperties"]["DomainName"] = "nonexisting.domain.name"
response = handler(request, {})
assert response["Status"] == "FAILED", response["Reason"]
assert response["Reason"].startswith(
"No validation option found for domain")
def test_retrieval_non_existing_certificate():
request = Request(
"Create",
"arn:aws:acm:eu-central-1:111111111111:certificate/ffffffff-ffff-ffff-ffff-ffffffffffff",
)
response = handler(request, {})
assert response["Status"] == "FAILED", response["Reason"]
assert "ResourceNotFoundException" in response["Reason"]
def test_retrieval_non_existing_certificate():
request = Request(
'Create',
'arn:aws:acm:eu-central-1:111111111111:certificate/ffffffff-ffff-ffff-ffff-ffffffffffff'
)
response = handler(request, {})
assert response['Status'] == 'FAILED', response['Reason']
assert 'ResourceNotFoundException' in response['Reason']
def test_rename():
# create
ca_name = "ca-%s" % uuid.uuid4()
new_ca_name = "new-ca-%s" % uuid.uuid4()
request = RootCertificateRequest("Create", ca_name)
response = handler(request, {})
assert response["Status"] == "SUCCESS", response["Reason"]
assert "PhysicalResourceId" in response
assert "PublicCertPEM" in response["Data"]
assert "Hash" in response["Data"]
hash = response["Data"]["Hash"]
physical_resource_id = response.get("PhysicalResourceId")
r = ssm.get_parameter(Name=physical_resource_id, WithDecryption=True)
request = RootCertificateRequest("Update",
new_ca_name,
physical_resource_id=physical_resource_id)
request["OldResourceProperties"] = {"CAName": ca_name}
response = handler(request, {})
assert response["Status"] == "SUCCESS", response["Reason"]
assert response.get("PhysicalResourceId") != physical_resource_id
assert "PublicCertPEM" in response["Data"]
assert response["Data"]["Hash"] != hash
assert response["Data"]["CAName"] == new_ca_name
new_physical_resource_id = response["PhysicalResourceId"]
r = ssm.get_parameter(Name=new_physical_resource_id, WithDecryption=True)
failed_update_response = handler(request, {})
assert failed_update_response["Status"] == "FAILED", response["Reason"]
assert "already exists" in failed_update_response["Reason"]
for resource_id, name in [
(physical_resource_id, ca_name),
(new_physical_resource_id, new_ca_name),
]:
request = RootCertificateRequest("Delete",
name,
physical_resource_id=resource_id)
response = handler(request, {})
assert response["Status"] == "SUCCESS", response["Reason"]
try:
r = ssm.get_parameter(Name=resource_id)
assert False, f"root ca parameter store {physical_resource_id} still exists"
except ssm.exceptions.ParameterNotFound:
pass
def test_retrieval_of_dns_record_via_update(certificate):
request = Request("Update", certificate["CertificateArn"])
response = handler(request, {})
assert response["Status"] == "SUCCESS", response["Reason"]
assert "Name" in response["Data"]
assert "Type" in response["Data"]
assert "Value" in response["Data"]
assert response["Data"]["Type"] == "CNAME"
assert "PhysicalResourceId" in response
assert response["PhysicalResourceId"] == response["Data"]["Name"]
def test_retrieval_of_dns_record_via_update(certificate):
request = Request('Update', certificate['CertificateArn'])
response = handler(request, {})
assert response['Status'] == 'SUCCESS', response['Reason']
assert 'Name' in response['Data']
assert 'Type' in response['Data']
assert 'Value' in response['Data']
assert response['Data']['Type'] == 'CNAME'
assert 'PhysicalResourceId' in response
assert response['PhysicalResourceId'] == response['Data']['Name']
def test_create():
name = 'test-%s' % uuid.uuid4()
fs = None
try:
fs_response = efs.create_file_system(CreationToken=name)
fs = fs_response['FileSystemId']
mode, mibs = get_throughput_mode(fs)
assert mode == 'bursting'
request = Request('Create', fs, 'provisioned', 1.0)
response = handler(request, {})
assert response['Status'] == 'SUCCESS', response['Reason']
assert 'PhysicalResourceId' in response
mode, mibs = get_throughput_mode(fs)
assert mode == 'provisioned'
assert mibs == 1.0
physical_resource_id = response['PhysicalResourceId']
request = Request('Update', fs, 'provisioned', 2.0,
physical_resource_id)
response = handler(request, {})
assert response['Status'] == 'SUCCESS', response['Reason']
assert 'PhysicalResourceId' in response
assert response['PhysicalResourceId'] == physical_resource_id
mode, mibs = get_throughput_mode(fs)
assert mode == 'provisioned'
assert mibs == 2.0
# delete
request['RequestType'] = 'Delete'
response = handler(request, {})
assert response['Status'] == 'SUCCESS', response['Reason']
mode, mibs = get_throughput_mode(fs)
assert mode == 'provisioned'
except:
if fs is not None:
efs.delete_file_system(FileSystemId=fs)
raise
def test_crud():
# create
ca_name = "ca-%s" % uuid.uuid4()
try:
request = RootCertificateRequest("Create", ca_name)
response = handler(request, {})
assert response["Status"] == "SUCCESS", response["Reason"]
assert "PhysicalResourceId" in response
assert "PublicCertPEM" in response["Data"]
assert "Hash" in response["Data"]
assert response["Data"]["CAName"] == ca_name
hash = response["Data"]["Hash"]
physical_resource_id = response.get("PhysicalResourceId")
r = ssm.get_parameter(Name=response["PhysicalResourceId"],
WithDecryption=True)
request = RootCertificateRequest(
"Update", ca_name, physical_resource_id=physical_resource_id)
response = handler(request, {})
assert response["Status"] == "SUCCESS", response["Reason"]
assert "PhysicalResourceId" in response
assert "PublicCertPEM" in response["Data"]
assert response["Data"]["Hash"] == hash
r = ssm.get_parameter(Name=response["PhysicalResourceId"],
WithDecryption=True)
request = RootCertificateRequest(
"Delete", ca_name, physical_resource_id=physical_resource_id)
response = handler(request, {})
assert response["Status"] == "SUCCESS", response["Reason"]
try:
r = ssm.get_parameter(Name=response["PhysicalResourceId"],
WithDecryption=True)
assert False, f"root ca parameter store {physical_resource_id} still exists"
except ssm.exceptions.ParameterNotFound:
pass
finally:
pass
handler(RootCertificateRequest("Delete", ca_name), {})
def test_find_all_root_cas():
base_name = "ca-%s" % uuid.uuid4()
ca_names = set([f"{base_name}-{x}" for x in range(0, 4)])
try:
for ca_name in ca_names:
request = RootCertificateRequest("Create", ca_name)
response = handler(request, {})
assert response["Status"] == "SUCCESS", response["Reason"]
root_cas = find_all_root_cas()
assert ca_names == root_cas.intersection(ca_names)
finally:
for ca_name in ca_names:
request = RootCertificateRequest(
"Delete",
ca_name,
physical_resource_id=
"arn:aws:ssm:eu-central-1:123456789012:parameter/x",
)
response = handler(request, {})
print(response["Reason"])
def test_create():
# create
value = 'v%s' % uuid.uuid4()
request = Request('Create', value)
response = handler(request, {})
assert response['Status'] == 'SUCCESS', response['Reason']
assert 'PhysicalResourceId' in response
assert 'Value' in response['Data']
assert response['Data']['Value'] == value
# delete
physical_resource_id = response['PhysicalResourceId']
request = Request('Delete', value, physical_resource_id)
assert response['Status'] == 'SUCCESS', response['Reason']
def test_retrieval_of_dns_record(certificate):
request = Request('Create', certificate['CertificateArn'])
response = handler(request, {})
assert response['Status'] == 'SUCCESS', response['Reason']
assert 'Name' in response['Data']
assert 'Type' in response['Data']
assert 'Value' in response['Data']
assert response['Data']['Type'] == 'CNAME'
assert 'PhysicalResourceId' in response
record_name = response['Data']['Name']
physical_resource_id = response['PhysicalResourceId']
assert physical_resource_id == record_name
request = Request('Create', certificate['CertificateArn'],
certificate['SubjectAlternativeNames'][1])
response = handler(request, {})
assert response['Status'] == 'SUCCESS', response['Reason']
assert 'Name' in response['Data']
assert 'Type' in response['Data']
assert 'Value' in response['Data']
assert response['Data']['Type'] == 'CNAME'
assert 'PhysicalResourceId' in response
assert record_name != response['Data']['Name']
assert physical_resource_id != response['PhysicalResourceId']
def test_search_criteria():
search = {
"maxItems": 2,
"searchCriteria": [{
"fieldName": "name",
"stringValue": "SMTP Server"
}],
}
request = Request("Create", "firewallRule", search)
response = handler(request, {})
assert response["Status"] == "SUCCESS", response["Reason"]
assert "PhysicalResourceId" in response
assert response["PhysicalResourceId"] is not None
rule_id = response["PhysicalResourceId"]
request = Request("Update",
"firewallRule",
search,
physical_resource_id=rule_id)
response = handler(request, {})
assert response["Status"] == "SUCCESS", response["Reason"]
assert "PhysicalResourceId" in response
assert response["PhysicalResourceId"] is not None
assert response["PhysicalResourceId"] == rule_id
def test_search_combined():
search = {
"maxItems":
2,
"searchCriteria": [{
"fieldName": "name",
"stringValue": "SMTP%",
"stringWildcards": True
}],
}
request = Request("Create",
"firewallRule",
search=search,
name="SMTP Server")
response = handler(request, {})
assert response["Status"] == "SUCCESS", response["Reason"]
assert "PhysicalResourceId" in response
assert response["PhysicalResourceId"] is not None
def test_create():
# create
value = json.loads(json.dumps(sample_provider))
request = Request('Create', value)
response = handler(request, {})
assert response['Status'] == 'SUCCESS', response['Reason']
assert 'PhysicalResourceId' in response
request = Request('Create', value)
response = handler(request, {})
assert response['Status'] == 'FAILED', response['Reason']
assert 'PhysicalResourceId' in response
assert len(response['Reason']) > 0
assert response['PhysicalResourceId'] == 'could-not-create'
# update
value['credentials']['smtp_host'] = 'another-localhost'
request = Request('Update', value, response['PhysicalResourceId'])
response = handler(request, {})
print(json.dumps(response, indent=2))
assert response['Status'] == 'SUCCESS', response['Reason']
assert 'PhysicalResourceId' in response
# delete
physical_resource_id = response['PhysicalResourceId']
request = Request('Delete', {}, physical_resource_id)
response = handler(request, {})
assert response['Status'] == 'SUCCESS', response['Reason']
# delete again
request = Request('Delete', {}, physical_resource_id)
response = handler(request, {})
assert response['Status'] == 'SUCCESS', response['Reason']
# delete incorrect physical resource id
request = Request('Delete', {}, 'devapi-consumeradmin-ManageOwnConsumersPermission-Y38O818GY2PV')
response = handler(request, {})
assert response['Status'] == 'SUCCESS', response['Reason']
def test_output_parameters():
name = 'n%s' % uuid.uuid4()
outputs = [{
'Path': 'client_id',
'Name': '/cfn-auth0-provider/clients/%s/client_id' % name,
'Description': 'my client id'
}, {
'Path': 'client_secret',
'Name': '/cfn-auth0-provider/clients/%s/client_secret' % name
}]
# create
client = json.loads(json.dumps(sample_client))
client['name'] = name
request = Request('Create', client)
request['ResourceProperties']['OutputParameters'] = outputs
response = handler(request, {})
assert response['Status'] == 'SUCCESS', response['Reason']
client_id = response['PhysicalResourceId']
ssm = boto3.client('ssm')
parameter = ssm.get_parameter(Name=outputs[0]['Name'], WithDecryption=True)
assert parameter['Parameter']['Value'] == client_id
filter = {'Key': 'Name', 'Values': [outputs[0]['Name']]}
parameters = ssm.describe_parameters(Filters=[filter])
assert parameters['Parameters'][0]['Description'] == outputs[0][
'Description']
# check the client secret is stored..
parameter = ssm.get_parameter(Name=outputs[1]['Name'], WithDecryption=True)
# create second time
error_response = handler(request, {})
assert error_response['Status'] == 'FAILED', response['Reason']
assert error_response['Reason'].startswith('one or more of the parameters')
# update
new_outputs = [{
'Path':
'client_id',
'Name':
'/cfn-auth0-provider/clients/%s/client_secret' % name
}]
request = Request('Update', client, response['PhysicalResourceId'])
request['OldResourceProperties'] = {}
request['OldResourceProperties']['OutputParameters'] = outputs
request['ResourceProperties']['OutputParameters'] = new_outputs
response = handler(request, {})
assert response['Status'] == 'SUCCESS', response['Reason']
# check the client_id was written in the secret parameter
parameter = ssm.get_parameter(Name=new_outputs[0]['Name'],
WithDecryption=True)
assert parameter['Parameter']['Value'] == client_id
# check that the removed output is deleted.
try:
parameter = ssm.get_parameter(Name=outputs[0]['Name'],
WithDecryption=True)
assert False, '%s should not exist' % parameter['Parameter']['Name']
except ClientError as e:
assert e.response['Error']['Code'] == 'ParameterNotFound'
# delete
physical_resource_id = response['PhysicalResourceId']
request = Request('Delete', {}, physical_resource_id)
request['ResourceProperties']['OutputParameters'] = outputs
response = handler(request, {})
assert response['Status'] == 'SUCCESS', response['Reason']
for parameter in outputs:
try:
parameter = ssm.get_parameter(Name=parameter['Name'],
WithDecryption=True)
assert False, '%s should not exist' % parameter['Name']
except ClientError as e:
assert e.response['Error']['Code'] == 'ParameterNotFound'
# Double delete works too
request = Request('Delete', {}, physical_resource_id)
request['ResourceProperties']['OutputParameters'] = outputs
response = handler(request, {})
assert response['Status'] == 'SUCCESS', response['Reason']
def test_missing_mibps():
request = Request('Create', 'fs-doesnotexist', 'provisioned')
del request['PhysicalResourceId']
response = handler(request, {})
assert response['Status'] == 'FAILED', response['Reason']
def test_create_incorrect_validation_method(email_certificate):
request = Request('Create', email_certificate['CertificateArn'])
response = handler(request, {})
assert response['Status'] == 'FAILED', response['Reason']
assert response['Reason'].startswith('domain is using validation method')
def test_create():
# create
ca_name = "ca-%s" % uuid.uuid4()
hostname = f"np17.{ca_name}"
new_hostname = f"np17-2.{ca_name}"
try:
request = RootCertificateRequest("Create", ca_name)
response = handler(request, {})
assert response["Status"] == "SUCCESS", response["Reason"]
request = CertificateRequest("Create", ca_name, hostname)
response = handler(request, {})
assert response["Data"]["CAName"] == ca_name
assert response["Data"]["Hostname"] == hostname
assert response["Status"] == "SUCCESS", response["Reason"]
physical_resource_id = response.get("PhysicalResourceId")
assert physical_resource_id
request = CertificateRequest(
"Update",
ca_name,
new_hostname,
physical_resource_id=response["PhysicalResourceId"],
)
request["OldResourceProperties"] = {"CAName": ca_name, "Hostname": hostname}
update_response = handler(request, {})
assert update_response["Status"] == "SUCCESS", update_response["Reason"]
assert "PhysicalResourceId" in response
assert update_response["Data"]["CAName"] == ca_name
assert update_response["Data"]["Hostname"] == new_hostname
new_physical_resource_id = update_response.get("PhysicalResourceId")
assert new_physical_resource_id
assert physical_resource_id != new_physical_resource_id
r = ssm.get_parameter(Name=new_physical_resource_id, WithDecryption=True)
failed_update_response = handler(request, {})
assert failed_update_response["Status"] == "FAILED", failed_update_response[
"Reason"
]
assert "already exists" in failed_update_response["Reason"]
for resource_id, name in [
(physical_resource_id, hostname),
(new_physical_resource_id, f"np17-2.{ca_name}"),
]:
request = CertificateRequest(
"Delete", ca_name, name, physical_resource_id=resource_id
)
response = handler(request, {})
assert response["Status"] == "SUCCESS", response["Reason"]
try:
r = ssm.get_parameter(Name=resource_id)
assert False, f"parameter {resource_id} still exists"
except ssm.exceptions.ParameterNotFound:
pass
finally:
pass
handler(CertificateRequest("Delete", ca_name, hostname), {})
handler(CertificateRequest("Delete", ca_name, new_hostname), {})
handler(RootCertificateRequest("Delete", ca_name), {})
def test_all_stuff():
# create client
name = 'test-%s' % uuid.uuid4()
client = {'name': name}
request = Request('Create', 'Custom::Auth0Client', client)
response = handler(request, {})
assert response['Status'] == 'SUCCESS', response['Reason']
client_id = response['PhysicalResourceId']
# create api
api = {'name': name, 'identifier': 'urn:' + name}
request = Request('Create', 'Custom::Auth0ResourceServer', api)
response = handler(request, {})
assert response['Status'] == 'SUCCESS', response['Reason']
api_id = response['PhysicalResourceId']
# create permission
permission = {
'name': 'test-update:pets',
'description': 'update pets',
'applicationId': client_id,
'applicationType': 'client'
}
request = Request('Create', 'Custom::Authz0Permission', permission)
response = handler(request, {})
assert response['Status'] == 'SUCCESS', response['Reason']
permission_id = response['PhysicalResourceId']
# create role
role = {
'name': name,
'description': 'role of {}'.format(name),
'applicationId': client_id,
'applicationType': 'client',
'permissions': [permission_id]
}
request = Request('Create', 'Custom::Authz0Role', role)
response = handler(request, {})
assert response['Status'] == 'SUCCESS', response['Reason']
role_id = response['PhysicalResourceId']
# create client
client = {'name': name}
request = Request('Create', 'Custom::Auth0Client', client)
response = handler(request, {})
assert response['Status'] == 'SUCCESS', response['Reason']
client_id = response['PhysicalResourceId']
# create connection
connection_name = 'test-{}'.format(name.replace('-', '')[5:20])
connection = {
'name':
connection_name,
'strategy':
'auth0',
'enabled_clients':
[get_parameter('/cfn-auth0-provider/client_id'), client_id]
}
request = Request('Create', 'Custom::Auth0Connection', connection)
response = handler(request, {})
assert response['Status'] == 'SUCCESS', response['Reason']
connection_id = response['PhysicalResourceId']
time.sleep(0.5)
# create user
user = {
'name': name,
'connection': connection_name,
'email': '{}@auth0.local'.format(name),
'password': name
}
request = Request('Create', 'Custom::Auth0User', user)
response = handler(request, {})
assert response['Status'] == 'SUCCESS', response['Reason']
user_id = response['PhysicalResourceId']
# grant role to user
user_role = {'user': user_id, 'role': role_id}
request = Request('Create', 'Custom::Authz0UserRole', user_role)
response = handler(request, {})
assert response['Status'] == 'SUCCESS', response['Reason']
user_role_id = response['PhysicalResourceId']
# create group
group = {'name': name, 'description': 'group of {}'.format(name)}
request = Request('Create', 'Custom::Authz0Group', group)
response = handler(request, {})
assert response['Status'] == 'SUCCESS', response['Reason']
group_id = response['PhysicalResourceId']
# create group 2
group = {
'name': name + '-2',
'description': 'second group of {}'.format(name)
}
request = Request('Create', 'Custom::Authz0Group', group)
response = handler(request, {})
assert response['Status'] == 'SUCCESS', response['Reason']
group2_id = response['PhysicalResourceId']
# add user (member) to group
group_member = {'group': group_id, 'member': user_id}
request = Request('Create', 'Custom::Authz0GroupMember', group_member)
response = handler(request, {})
assert response['Status'] == 'SUCCESS', response['Reason']
group_member_id = response['PhysicalResourceId']
# grant role to group
group_role = {'group': group_id, 'role': role_id}
request = Request('Create', 'Custom::Authz0GroupRole', group_role)
response = handler(request, {})
assert response['Status'] == 'SUCCESS', response['Reason']
group_role_id = response['PhysicalResourceId']
# assigned group to group
assignment = {'group': group_id, 'nested': group2_id}
print(assignment)
request = Request('Create', 'Custom::Authz0GroupNested', assignment)
response = handler(request, {})
assert response['Status'] == 'SUCCESS', response['Reason']
nested_group_id = response['PhysicalResourceId']
# create group mapping
group_mapping_request = {
'group': group_id,
'groupName': 'googlers',
'connectionName': 'google-oauth2'
}
request = Request('Create', 'Custom::Authz0GroupMapping',
group_mapping_request)
response = handler(request, {})
assert response['Status'] == 'SUCCESS', response['Reason']
group_mapping_id = response['PhysicalResourceId']
# update group mapping
group_mapping_request = {
'group': group_id,
'groupName': 'googelaars',
'connectionName': 'google-oauth2'
}
request = Request('Update',
'Custom::Authz0GroupMapping',
group_mapping_request,
physical_resource_id=group_mapping_id)
response = handler(request, {})
assert response['Status'] == 'SUCCESS', response['Reason']
group_mapping_id_2 = response['PhysicalResourceId']
assert group_mapping_id != group_mapping_id_2
# delete group to group
physical_resource_id = response['PhysicalResourceId']
request = Request('Delete', 'Custom::Authz0GroupNested', {},
nested_group_id)
response = handler(request, {})
assert response['Status'] == 'SUCCESS', response['Reason']
# delete group mapping 1
group_mapping_request = {
'group': group_id,
'groupName': 'googelaars',
'connectionName': 'google-oauth2'
}
request = Request('Delete',
'Custom::Authz0GroupMapping',
group_mapping_request,
physical_resource_id=group_mapping_id)
response = handler(request, {})
assert response['Status'] == 'SUCCESS', response['Reason']
# delete group mapping 2
group_mapping_request = {
'group': group_id,
'groupName': 'googelaars',
'connectionName': 'google-oauth2'
}
request = Request('Delete',
'Custom::Authz0GroupMapping',
group_mapping_request,
physical_resource_id=group_mapping_id_2)
response = handler(request, {})
assert response['Status'] == 'SUCCESS', response['Reason']
# delete group2
physical_resource_id = response['PhysicalResourceId']
request = Request('Delete', 'Custom::Authz0Group', {}, group2_id)
response = handler(request, {})
assert response['Status'] == 'SUCCESS', response['Reason']
# delete group
physical_resource_id = response['PhysicalResourceId']
request = Request('Delete', 'Custom::Authz0Group', {}, group_id)
response = handler(request, {})
assert response['Status'] == 'SUCCESS', response['Reason']
# delete role
physical_resource_id = response['PhysicalResourceId']
request = Request('Delete', 'Custom::Authz0Role', {}, role_id)
response = handler(request, {})
assert response['Status'] == 'SUCCESS', response['Reason']
# delete permission
physical_resource_id = response['PhysicalResourceId']
request = Request('Delete', 'Custom::Authz0Permission', {}, permission_id)
response = handler(request, {})
assert response['Status'] == 'SUCCESS', response['Reason']
# delete api
physical_resource_id = response['PhysicalResourceId']
request = Request('Delete', 'Custom::Auth0ResourceServer', {}, api_id)
response = handler(request, {})
assert response['Status'] == 'SUCCESS', response['Reason']
# delete client
physical_resource_id = response['PhysicalResourceId']
request = Request('Delete', 'Custom::Auth0Client', {}, client_id)
response = handler(request, {})
assert response['Status'] == 'SUCCESS', response['Reason']
def test_search_shorthand():
request = Request("Create", "firewallRule", name="SMTP Server")
response = handler(request, {})
assert response["Status"] == "SUCCESS", response["Reason"]
assert "PhysicalResourceId" in response
assert response["PhysicalResourceId"] is not None
def test_invalid_mibps():
request = Request('Create', 'fs-doesnotexist', 'provisioned', 'badshit')
response = handler(request, {})
assert response['Status'] == 'FAILED', response['Reason']
