def test_manage_state_removes_unwanted_permissions(): lambda_client_double = MagicMock() # Policy actually: present Requested State: not present Should: remove lambda_client_double.get_policy.return_value = fake_policy_return fake_module_params = copy.deepcopy(fake_module_params_absent) module_double.params = fake_module_params lambda_policy.manage_state(module_double, lambda_client_double) assert lambda_client_double.get_policy.call_count > 0 lambda_client_double.add_permission.assert_not_called() assert lambda_client_double.remove_permission.call_count > 0
def test_manage_state_updates_nonmatching_permissions(): lambda_client_double = MagicMock() # Policy actually: present Requested State: present Should: do nothing lambda_client_double.get_policy.return_value = fake_policy_return fake_module_params = copy.deepcopy(fake_module_params_different) module_double.params = fake_module_params lambda_policy.manage_state(module_double, lambda_client_double) assert lambda_client_double.get_policy.call_count > 0 assert lambda_client_double.add_permission.call_count > 0 assert lambda_client_double.remove_permission.call_count > 0
def test_manage_state_leaves_already_removed_permissions(): lambda_client_double = MagicMock() # Policy actually: absent Requested State: absent Should: do nothing lambda_client_double.get_policy.side_effect = ClientError( error_response, operation_name) fake_module_params = copy.deepcopy(fake_module_params_absent) module_double.params = fake_module_params lambda_policy.manage_state(module_double, lambda_client_double) assert lambda_client_double.get_policy.call_count > 0 lambda_client_double.add_permission.assert_not_called() lambda_client_double.remove_permission.assert_not_called()