def test_old_console_users(self):
session_factory = self.replay_flight_data('test_iam_user_console_old')
p = self.load_policy({
'name': 'old-console-only-users',
'resource': 'iam-user',
'filters': [
{'type': 'credential',
'report_delay': 0.01,
'key': 'access_keys',
'value': 'absent'},
{'type': 'credential',
'key': 'password_last_used',
'value_type': 'age',
'value': 30,
'op': 'greater-than'}
],
}, session_factory=session_factory, cache=True)
with mock_datetime_now(
parser.parse('2016-11-25T20:27:00+00:00'), datetime):
resources = p.run()
self.assertEqual(len(resources), 3)
self.assertEqual(
sorted([r['UserName'] for r in resources]),
['anthony', 'chrissy', 'matt'])
def test_old_console_users(self):
session_factory = self.replay_flight_data('test_iam_user_console_old')
p = self.load_policy({
'name': 'old-console-only-users',
'resource': 'iam-user',
'filters': [
{'type': 'credential',
'report_delay': 0.01,
'key': 'access_keys',
'value': 'absent'},
{'type': 'credential',
'key': 'password_last_used',
'value_type': 'age',
'value': 30,
'op': 'greater-than'}
],
}, session_factory=session_factory, cache=True)
with mock_datetime_now(
parser.parse('2016-11-25T20:27:00+00:00'), datetime):
resources = p.run()
self.assertEqual(len(resources), 3)
self.assertEqual(
sorted([r['UserName'] for r in resources]),
['anthony', 'chrissy', 'matt'])
def test_credential_report(self):
session_factory = self.replay_flight_data('test_account_credential_report')
p = self.load_policy({
'name': 'credential-details',
'resource': 'account',
'filters': [
{'type': 'credential',
'key': 'mfa_active',
'value': True}
]}, session_factory=session_factory)
with mock_datetime_now(
parser.parse('2017-02-23T00:40:00+00:00'), datetime):
resources = p.run()
self.assertEqual(len(resources), 1)
def test_credential_report(self):
session_factory = self.replay_flight_data('test_account_credential_report')
p = self.load_policy({
'name': 'credential-details',
'resource': 'account',
'filters': [
{'type': 'credential',
'key': 'mfa_active',
'value': True}
]}, session_factory=session_factory)
with mock_datetime_now(
parser.parse('2017-02-23T00:40:00+00:00'), datetime):
resources = p.run()
self.assertEqual(len(resources), 1)
def test_access_key_last_service(self):
# Note we're reusing the old console users flight records
session_factory = self.replay_flight_data('test_iam_user_console_old')
p = self.load_policy({
'name': 'user-access-iam',
'resource': 'iam-user',
'filters': [
{'type': 'credential',
'report_max_age': 86400 * 7,
'key': 'access_keys.last_used_service',
'value': 'iam'}
],
}, session_factory=session_factory, cache=True)
with mock_datetime_now(
parser.parse('2016-11-25T20:27:00+00:00'), datetime):
resources = p.run()
self.assertEqual(len(resources), 1)
self.assertEqual(
sorted([r['UserName'] for r in resources]),
['kapil'])
def test_access_key_last_service(self):
# Note we're reusing the old console users flight records
session_factory = self.replay_flight_data('test_iam_user_console_old')
p = self.load_policy({
'name': 'user-access-iam',
'resource': 'iam-user',
'filters': [
{'type': 'credential',
'report_max_age': 86400 * 7,
'key': 'access_keys.last_used_service',
'value': 'iam'}
],
}, session_factory=session_factory, cache=True)
with mock_datetime_now(
parser.parse('2016-11-25T20:27:00+00:00'), datetime):
resources = p.run()
self.assertEqual(len(resources), 1)
self.assertEqual(
sorted([r['UserName'] for r in resources]),
['kapil'])
