def tearDownClass(cls):
    """Confirm the CodeBuild project and its IAM role exist, then optionally remove both.

    Removal only happens when the module-level ``delete_on_teardown`` flag is truthy;
    when it is, the final asserts verify that neither resource is left behind.
    """
    code_build = CodeBuild(project_name=project_name, role_name=project_name)
    iam        = IAM(role_name=project_name)
    assert code_build.project_exists() is True
    assert iam.role_exists() is True
    if not delete_on_teardown:
        return
    code_build.project_delete()
    iam.role_delete()
    assert code_build.project_exists() is False
    assert iam.role_exists() is False
def tearDownClass(cls):
    """Remove the test user and role when ``delete_created`` is set.

    After each delete the matching ``*_exists`` check must be False, and the
    role ARN lookup must come back as None.
    """
    if not delete_created:
        return
    iam = IAM(user_name=test_user, role_name=test_role)
    iam.user_delete()
    assert iam.user_exists() is False
    iam.role_delete()
    assert iam.role_exists() is False
    assert iam.role_arn() is None
def setUpClass(cls):
    """Make sure the test user and role exist, creating whichever is missing.

    The ResourceWarning filter hides the unclosed-SSLSocket noise that the AWS
    client otherwise prints during the test run.
    """
    import warnings
    warnings.filterwarnings("ignore", category=ResourceWarning, message="unclosed.*<ssl.SSLSocket.*>")
    iam = IAM(user_name=test_user, role_name=test_role)
    # only an explicit False triggers creation, matching the original check
    user_missing = iam.user_exists() is False
    if user_missing:
        iam.user_create()
    role_missing = iam.role_exists() is False
    if role_missing:
        iam.role_create(policy_document)
def _test_lambda_write_cloud_watch__with_asserts(self):
    """End-to-end check that a Lambda can write one message to a CloudWatch log stream.

    Creates a log group/stream and a policy allowing ``logs:PutLogEvents`` on that
    group, attaches the policy to the pre-existing invocation role, invokes the
    lambda, checks the message arrived, then removes the policy and log group.
    The leading underscore in the name keeps it out of automatic test discovery.
    """
    group_name     = '/unit-tests/test_log_group'
    stream_name    = Misc.random_string_and_numbers(prefix='tmp_stream_')
    message        = 'this is a message sent from an lambda function'
    lambda_name    = 'osbot_aws.lambdas.dev.write_cloud_watch_log'
    # NOTE(review): region and account id are hard-coded, so this test is bound to
    # account 244560807427 in eu-west-2; the trailing '*' also widens the grant to
    # every log group whose name starts with group_name.
    log_group_arn  = 'arn:aws:logs:eu-west-2:244560807427:log-group:{0}*'.format(group_name)
    policy_name    = 'temp_policy_for_lambda_write_cloud_watch'
    role_name      = 'temp_role_for_lambda_invocation'
    policy_actions = ['logs:PutLogEvents']
    base_policies  = {'AWSXrayWriteOnlyAccess', 'policy_temp_role_for_lambda_invocation'}

    logs = Logs(group_name=group_name, stream_name=stream_name)
    logs.group_create()
    logs.stream_create()

    iam_role   = IAM(role_name=role_name)
    iam_policy = IAM_Policy(policy_name=policy_name)
    iam_policy.add_statement_allow(policy_actions, [log_group_arn])
    policy_arn = iam_policy.create(delete_before_create=True).get('policy_arn')

    # preconditions: role, policy, group and stream all exist, role has only its base policies
    assert iam_policy.exists() is True
    assert iam_role.role_exists() is True
    assert logs.group_exists() is True
    assert logs.stream_exists() is True
    assert set(iam_role.role_policies()) == base_policies

    iam_role.role_policy_attach(policy_arn)
    assert set(iam_role.role_policies()) == base_policies | {policy_name}
    sleep(10)  # fixed wait for IAM to propagate the attachment before invoking

    payload = {'group_name': group_name, 'stream_name': stream_name, 'message': message}
    result  = Lambda_Package(lambda_name).invoke(payload)
    sleep(1)  # give CloudWatch a moment to surface the event
    assert result.get('status') == 'ok'
    assert logs.messages() == [message]

    # cleanup: policy and group removed, role back to its base policies
    assert iam_policy.delete() is True
    assert logs.group_delete() is True
    assert logs.group_exists() is False
    assert set(iam_role.role_policies()) == base_policies
def test_delete_cluster_task_definition_tasks_roles(self):
    """Check that one delete call removes the cluster, task definition, task and both IAM roles.

    The role names come from ``task_definition_setup`` for the fixture's task family
    and image, so the same roles the task was created with are the ones checked.
    """
    ecs                 = self.fargate_task.ecs
    cluster_name        = self.cluster_name
    cluster_arn         = self.cluster_arn
    task_definition_arn = self.task_definition_arn
    task_arn            = self.fargate_task.task_arn
    task_definition_config = ecs.task_definition_setup(task_family=self.fargate_task.task_family,
                                                       image_name=self.fargate_task.image_name)
    iam_role_task      = IAM(role_name=task_definition_config.get('task_role_name'))
    iam_role_execution = IAM(role_name=task_definition_config.get('execution_role_name'))

    # everything must exist before the delete
    assert ecs.cluster_exists(cluster_arn=cluster_arn) is True
    assert ecs.task_definition_exists(task_definition_arn=task_definition_arn) is True
    assert ecs.task_exists(cluster_name=cluster_name, task_arn=task_arn) is True
    # task status is deliberately not asserted here: it is 'PROVISIONING' in a normal run
    # but already 'STOPPED' when this is invoked from teardown
    assert iam_role_task.role_exists()
    assert iam_role_execution.role_exists()

    self.fargate_task.delete_cluster_task_definition_tasks_roles()

    # ... and must be gone afterwards
    assert ecs.cluster_exists(cluster_arn=cluster_arn) is False
    assert ecs.task_definition_exists(task_definition_arn=task_definition_arn) is False
    assert self.fargate_task.status() == 'STOPPED'
    assert iam_role_task.role_not_exists()
    assert iam_role_execution.role_not_exists()
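class IAM_Role:
    """Thin wrapper around ``IAM`` for creating, inspecting and deleting a single role.

    ``role_name`` defaults to a random ``osbot_temp_role_*`` name so callers can make
    throw-away roles; the underlying ``IAM`` helper is exposed as ``self.iam``.
    """

    def __init__(self, role_name=None):
        self.role_name = role_name or f"osbot_temp_role_{random_string()}"
        self.iam       = IAM(role_name=self.role_name)

    def add_policy_for__lambda(self):
        """Create a CloudWatch-logs policy named ``policy_<role_name>``, attach it, return its ARN.

        NOTE(review): the resource ARN is ``log-group:/aws/lambda/*`` for the session's
        account and region, i.e. every Lambda log group there, not only the one this
        role's function writes to.
        """
        temp_policy_name = 'policy_{0}'.format(self.role_name)
        aws_config       = AWS_Config()
        cloud_watch_arn  = f'arn:aws:logs:{aws_config.aws_session_region_name()}:{aws_config.aws_session_account_id()}:log-group:/aws/lambda/*'
        iam_policy       = IAM_Policy(temp_policy_name)
        policy_arn       = iam_policy.add_cloud_watch(cloud_watch_arn).create().get('policy_arn')
        self.iam.role_policy_attach(policy_arn)
        return policy_arn

    def arn(self):
        """Return the role's ARN as reported by ``IAM.role_arn``."""
        return self.iam.role_arn()

    def attach_policy(self, policy_name, policy_document):
        """(Re)create a managed policy from ``policy_document`` and attach it to the role.

        Any existing policy with the same name is deleted first, so the new document
        always wins.  Returns the created policy's ARN.
        """
        self.delete_policy(policy_name=policy_name)
        result_create = self.iam.policy_create(policy_name=policy_name, policy_document=policy_document)
        policy_arn    = result_create.get('policy_arn')
        self.iam.role_policy_attach(policy_arn=policy_arn)
        return policy_arn

    def create(self, policy_document, skip_if_exists=True):
        """Create the role with ``policy_document`` as its trust policy; return whether it now exists."""
        self.iam.role_create(policy_document=policy_document, skip_if_exists=skip_if_exists)
        return self.exists()

    def create_for__lambda(self):
        """Create a role assumable by Lambda and give it the CloudWatch-logs policy.

        The logs policy is only attached when the role was created by this call
        (``status == 'ok'``); a pre-existing role is returned untouched with
        ``status == 'warning'``.
        """
        result = self.create_for_service__assume_role('lambda.amazonaws.com')
        if result.get('status') == 'ok':
            self.add_policy_for__lambda()
        return result

    def create_for__code_build(self):
        """Create a role assumable by CodeBuild (no extra policies attached)."""
        return self.create_for_service__assume_role('codebuild.amazonaws.com')

    def create_for_service__assume_role(self, service):
        """Create the role with a single ``sts:AssumeRole`` trust statement for ``service``."""
        statement = {
            'Action'   : 'sts:AssumeRole',
            'Effect'   : 'Allow',
            'Principal': {'Service': service},
        }
        return self.create_from_statement(statement)

    def create_for_service(self, service, statement):
        """Create the role from ``statement`` with its Principal set to ``service``.

        The caller's ``statement`` dict is not modified; a copy with the Principal
        filled in is what gets sent.
        """
        trust_statement = {**statement, 'Principal': {'Service': service}}
        return self.create_from_statement(trust_statement)

    def create_for_service_with_policies(self, service, policies, project_name, recreate_policy=False):
        """Create (or reuse) a role assumable by ``service`` and attach the given policies.

        ``policies`` and ``project_name`` are handed to ``IAM.policies_create``; the
        resulting ARNs are attached and returned alongside the role ARN.  Policies are
        attached even when the role already existed.
        """
        role          = self.create_for_service__assume_role(service)
        role_arn      = role.get('role_arn')
        policies_arns = self.iam.policies_create(policies, project_name, recreate_policy)
        self.iam.role_policies_attach(policies_arns)
        return {"role_arn": role_arn, "policies_arns": policies_arns}

    def create_from_statement(self, statement):
        """Create the role from one trust statement (see ``create_from_statements``)."""
        return self.create_from_statements([statement])

    def create_from_statements(self, statement):
        """Create the role with ``statement`` (a list of statements) as its trust policy.

        Returns a dict with ``status``, ``data``, ``role_name`` and ``role_arn``.
        If the role already exists nothing is created and ``status`` is ``'warning'``;
        otherwise ``status`` is ``'ok'`` and ``data`` is the raw ``role_create`` result.
        The parameter keeps its historical singular name for caller compatibility.
        """
        existing_arn = self.iam.role_arn()
        if existing_arn:
            return {
                'status'   : 'warning',
                'data'     : 'role already exists',
                'role_name': self.iam.role_name,
                'role_arn' : existing_arn,
            }
        policy_document = {'Statement': statement}
        data            = self.iam.role_create(policy_document)
        return {
            'status'   : 'ok',
            'data'     : data,
            'role_name': self.iam.role_name,
            'role_arn' : data.get('Arn'),
        }

    def delete(self):
        """Delete the role; returns whatever ``IAM.role_delete`` returns."""
        return self.iam.role_delete()

    def delete_policy(self, policy_arn=None, policy_name=None):
        """Delete a managed policy by ARN or by name (passed straight through to ``IAM.policy_delete``)."""
        return self.iam.policy_delete(policy_arn=policy_arn, policy_name=policy_name)

    def exists(self):
        """True if the role exists."""
        return self.iam.role_exists()

    def info(self):
        """Return the role's description from ``IAM.role_info``."""
        return self.iam.role_info()

    def not_exists(self):
        """True if the role does not exist."""
        return self.iam.role_not_exists()

    def policies_statements(self):
        """Return the statements of the policies attached to the role."""
        return self.iam.role_policies_statements()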