def statement_principal_5(): return Statement( **{ "Principal": [ "arn:aws:iam::AWS-account-ID:user/user-name-1", "arn:aws:iam::AWS-account-ID:user/UserName2" ] })
def statement_1(): return Statement( **{ "Effect": "Allow", "Action": ["action1"], "NotAction": "action2", "Resource": ["arn"] })
def statement_4(): return Statement( **{ "Effect": "Allow", "Action": "action2", "Resource": "arn1", "NotResource": ["arn2"] })
def statement_not_principal_2(): return Statement( **{ "NotPrincipal": { "AWS": ["arn:aws:iam::AWS-account-ID:user/user-name-1", "arn:aws:iam::AWS-account-ID:user/UserName2"] } } )
def test_can_obtain_policy_documents_from_inherited_method(valid_opensearch_domain_with_access_policies): assert len(valid_opensearch_domain_with_access_policies.policy_documents) == 1 assert valid_opensearch_domain_with_access_policies.policy_documents == [ OptionallyNamedPolicyDocument( policy_document=PolicyDocument( Statement=[ Statement( Effect="Allow", Action="es:*", Resource="arn:aws:es:us-east-1:123456789012:domain/test/*", Principal=Principal(AWS="arn:aws:iam::123456789012:user/opensearch-user"), ) ] ), name=None, ), ]
"Statement": [{ "Effect": "Allow", "Action": ["service:GetService"], "Resource": "*", }], }, }, } }, }, [ OptionallyNamedPolicyDocument( policy_document=PolicyDocument(Statement=[ Statement( Effect="Allow", Action=["service:GetService"], Resource="*", ) ]), name=None, ) ], 1, ), ( { "AWSTemplateFormatVersion": "2010-09-09", "Description": "Test resolving a nonexistent resource to Resource class", "Resources": { "NonexistentResource": {
def statement_principal_4(): return Statement(**{"Principal": "arn:aws:iam::123456789012:root"})
def statement_principal_3(): return Statement( **{"Principal": { "Federated": "cognito-identity.amazonaws.com" }})
def statement_not_principal_1(): return Statement( **{"NotPrincipal": { "AWS": "arn:aws:iam::123456789012:root" }})
def test_capitalize_effect(): statement = Statement(**{"Effect": "allOw", "Action": ["action1"], "NotAction": "action2", "Resource": ["arn"]}) assert statement.Effect == "Allow"
"statement, expected_output", [ (statement_1(), ["action1", "action2"]), (statement_2(), ["action1", "action2"]), (statement_3(), ["action1"]), (statement_4(), ["action2"]), ], ) def test_get_action_list(statement, expected_output): assert statement.get_action_list() == expected_output @pytest.mark.parametrize( "statement, expected_output", [ (Statement(**{"Effect": "Allow", "Action": "ec2:RunInstances", "Resource": ["arn"]}), ["ec2:RunInstances"]), (Statement(**{"Effect": "Allow", "Action": "ec2:Run?nstances", "Resource": ["arn"]}), ["ec2:RunInstances"]), (Statement(**{"Effect": "Allow", "Action": "ec?:RunInstances", "Resource": ["arn"]}), ["ec2:RunInstances"]), ( Statement(**{"Effect": "Allow", "Action": "ec2:Run*", "Resource": ["arn"]}), ["ec2:RunInstances", "ec2:RunScheduledInstances"], ), ], ) def test_get_expanded_action_list(statement, expected_output): assert statement.get_expanded_action_list() == expected_output @pytest.mark.parametrize( "statement, expected_output", [