def test_update_role_attach_policies(ddbt):
create_role(ddbt, role_name="engineer", human_name="Engineer")
update_role_attach_policies(ddbt,
role_name="engineer",
policy_names=["ManageUsersReadOnly"])
role = describe_role(ddbt, role_name="engineer")
print(role)
def test_update_role_trust_policy(ddbt):
create_role(ddbt, role_name="engineer", human_name="Engineer")
update_role_trust_policy(
ddbt,
role_name="engineer",
policy_attrs={
"statements": [{
"effect": "allow",
"resources": ["*"],
"actions": ["*"]
}]
},
)
role = describe_role(ddbt, role_name="engineer")
print(role)
def test_find_policy_names_matching_role(ddbt, generic_policy):
create_role(ddbt, role_name="admin")
create_role(ddbt, role_name="sales")
create_policy(ddbt, policy_name="PolicyU", **generic_policy)
create_policy(ddbt, policy_name="PolicyX", **generic_policy)
create_policy(ddbt, policy_name="PolicyY", **generic_policy)
create_policy(ddbt, policy_name="PolicyZ", **generic_policy)
update_role_attach_policies(ddbt, "admin", policy_names=["PolicyX"])
update_role_attach_policies(ddbt,
"sales",
policy_names=["PolicyY", "PolicyZ"])
policies = find_policy_names_matching_role(ddbt, "admin")
assert policies == ["PolicyX"]
policies = find_policy_names_matching_role(ddbt, "sales")
assert policies == ["PolicyY", "PolicyZ"]
def reset_roles():
logger = logging.getLogger("myiam_api").getChild("cli")
with open(HERE / "data/roles.yaml") as fp:
source_roles = yaml.safe_load(fp.read())
roles = myiam.list_roles(table=myiam_api.app.table)
for role in roles:
role_name = role["pk"].split("#")[-1]
myiam.delete_role(table=myiam_api.app.table, role_name=role_name)
for item in source_roles:
logger.info("{role_name} => {policy_names}".format(**item))
myiam.create_role(table=myiam_api.app.table,
role_name=item["role_name"])
myiam.update_role_attach_policies(
table=myiam_api.app.table,
role_name=item["role_name"],
policy_names=item["policy_names"],
)
def test_delete_role(ddbt):
create_role(ddbt, role_name="engineering", human_name="Engineering")
delete_role(ddbt, role_name="engineering")
role = describe_role(ddbt, role_name="engineering")
print(role)
def test_update_role(ddbt):
create_role(ddbt, role_name="engineer", human_name="Engineer")
update_role(ddbt, role_name="engineer", human_name="DevelopmentEngineer")
role = describe_role(ddbt, role_name="engineer")
print(role)
def test_create_role(ddbt):
create_role(ddbt, role_name="engineer", human_name="Engineer")
roles = list_roles(ddbt)
print(roles)