示例#1
def test_update_group_attach_policies(ddbt):
    """Create the "sales" group, attach policies P1 and P2, and print the result.

    ``ddbt`` is handed unchanged to every helper (presumably the backing
    table fixture; confirm against the test setup).

    NOTE(review): nothing is asserted. The described group is only printed,
    so the test still passes if the policies were never attached or if
    extra policies ended up on the group.
    """
    target_group = "sales"
    create_group(ddbt, group_name=target_group, human_name="Sales")
    update_group_attach_policies(
        ddbt, group_name=target_group, policy_names=["P1", "P2"])
    described = describe_group(ddbt, group_name=target_group)
    print(described)
示例#2
def test_update_group_add_users(ddbt):
    """Create users joe and ann, add both to the "sales" group, and print it.

    ``ddbt`` is handed unchanged to every helper (presumably the backing
    table fixture; confirm against the test setup).

    NOTE(review): nothing is asserted. Membership is what grants a user the
    group's policies, so a test here would normally check that exactly the
    requested users are listed; this one only prints the described group.
    """
    target_group = "sales"
    # Users are created first, in the same order as the original test.
    create_user(ddbt, user_name="joe", human_name="Joe")
    create_user(ddbt, user_name="ann", human_name="Ann")
    create_group(ddbt, group_name=target_group, human_name="Sales")
    update_group_add_users(
        ddbt,
        group_name=target_group,
        user_names=["joe", "ann"],
    )
    described = describe_group(ddbt, group_name=target_group)
    print(described)
示例#3
def _cleanup_user_group_policy_inheritance(record):
    """Detach group-inherited policies after a group item is removed.

    The partition and sort keys come from ``_get_pk_sk(record)``. The group
    name is the last ``#``-separated segment of the partition key, and the
    removed user or policy name is the last segment of the sort key, so a
    name that itself contains ``#`` is cut down to its final segment.

    * sort key starts with ``user#``: a member left the group, so every
      policy currently listed on the group is disinherited from that user.
    * sort key starts with ``policy#``: a policy left the group, so it is
      disinherited from every user currently listed on the group.
    * any other sort key: nothing is done.

    Returns:
        A list of ``(group_name, user_name, policy_name)`` tuples, one per
        disinherit call that returned.

    NOTE: the query+update sequence creates a race condition with other
    processes adding or removing policies on the group at the same time,
    and may leave users with missing or unexpected policies.

    NOTE(review): there is no error handling around the per-item calls. If
    one raises, the remaining users or policies are not processed and the
    partial ``cleaned`` list is lost; whether the record is retried depends
    on the caller, which is not visible here. A user left holding a policy
    after removal from the group is the outcome to watch for.
    """
    pk, sk = _get_pk_sk(record)
    group_name = pk.split("#")[-1]

    def _current_names(prefix):
        # Names of the group's current items whose sort key has this prefix.
        return [
            entry["sk"].split("#")[-1]
            for entry in myiam.describe_group(ddbt, group_name)
            if entry["sk"].startswith(prefix)
        ]

    # The two prefixes are mutually exclusive, so at most one branch applies.
    if sk.startswith("user#"):
        # A member was removed: pair that user with each policy on the group.
        removed_user = sk.split("#")[-1]
        pairs = [(removed_user, name) for name in _current_names("policy#")]
    elif sk.startswith("policy#"):
        # A policy was removed: pair each remaining member with that policy.
        removed_policy = sk.split("#")[-1]
        pairs = [(name, removed_policy) for name in _current_names("user#")]
    else:
        pairs = []

    cleaned = []
    for user_name, policy_name in pairs:
        # One policy per call, recorded only after the call has returned.
        myiam.update_user_disinherit_group_policies(
            ddbt, user_name, group_name, [policy_name])
        cleaned.append((group_name, user_name, policy_name))
    return cleaned
示例#4
def test_delete_group(ddbt):
    """Create the "sales" group, delete it, then describe it and print the result.

    ``ddbt`` is handed unchanged to every helper (presumably the backing
    table fixture; confirm against the test setup).

    NOTE(review): nothing is asserted. A delete that silently leaves the
    group, or its user and policy attachments, in place would still pass,
    because the post-delete description is only printed.
    """
    target_group = "sales"
    create_group(ddbt, group_name=target_group, human_name="Sales")
    delete_group(ddbt, group_name=target_group)
    after_delete = describe_group(ddbt, group_name=target_group)
    print(after_delete)
示例#5
def test_update_group(ddbt):
    """Create the "sales" group, change its human name to "joseph", and print it.

    ``ddbt`` is handed unchanged to every helper (presumably the backing
    table fixture; confirm against the test setup).

    NOTE(review): nothing is asserted. The updated description is only
    printed, so the test does not show that the rename took effect.
    """
    target_group = "sales"
    create_group(ddbt, group_name=target_group, human_name="Sales")
    update_group(ddbt, group_name=target_group, human_name="joseph")
    after_update = describe_group(ddbt, group_name=target_group)
    print(after_update)