def add_policy_for__lambda(self): temp_policy_name = 'policy_{0}'.format(self.role_name) cloud_watch_arn = f'arn:aws:logs:{AWS_Config().aws_session_region_name()}:{AWS_Config().aws_session_account_id()}:log-group:/aws/lambda/*' iam_policy = IAM_Policy(temp_policy_name) policy_arn = iam_policy.add_cloud_watch(cloud_watch_arn).create().get( 'policy_arn') self.iam.role_policy_attach(policy_arn) return policy_arn
def add_policy_for__lambda(self): temp_policy_name = 'policy_{0}'.format(self.role_name) cloud_watch_arn = "arn:aws:logs:{0}:{1}:log-group:/aws/lambda/*".format( 'eu-west-2', '244560807427') iam_policy = IAM_Policy(temp_policy_name) self.policy_arn = iam_policy.add_cloud_watch( cloud_watch_arn).create().get('policy_arn') self.iam.role_policy_attach(self.policy_arn) return self
class test_IAM_Policy(TestCase): def setUp(self): self.account_id = '244560807427' self.iam_policy = IAM_Policy() def test_add_cloud_watch(self): expected_statements = [{ 'Action': [ 'logs:CreateLogGroup', 'logs:CreateLogStream', 'logs:PutLogEvents' ], 'Effect': 'Allow', 'Resource': ['abc'] }] assert self.iam_policy.add_cloud_watch('abc') == self.iam_policy assert self.iam_policy.statement().get( 'Statement') == expected_statements def test_create(self): self.iam_policy = IAM_Policy('temp_policy__test_create') self.iam_policy.delete() result = self.iam_policy.add_cloud_watch('arn:aws:abc').create() expected_policy_arn = 'arn:aws:iam::{0}:policy/{1}'.format( self.account_id, self.iam_policy.policy_name) status = result.get('status') policy_arn = result.get('policy_arn') data = result.get('data') assert status == 'ok' assert policy_arn == expected_policy_arn assert data.get('Arn') == expected_policy_arn assert data.get('Path') == '/' assert data.get('DefaultVersionId') == 'v1' assert data.get('PolicyName') == self.iam_policy.policy_name assert self.iam_policy.statement_from_aws() == [{ 'Action': [ 'logs:CreateLogGroup', 'logs:CreateLogStream', 'logs:PutLogEvents' ], 'Effect': 'Allow', 'Resource': ['arn:aws:abc'] }] assert self.iam_policy.delete() is True def test_create___bad_policy_statement(self): iam_policy = IAM_Policy('temp_policy__test_create_no_policy') response = iam_policy.create() assert response == { 'data': 'An error occurred (MalformedPolicyDocument) when calling the CreatePolicy operation: Syntax errors in policy.', 'policy_arn': None, 'policy_name': 'temp_policy__test_create_no_policy', 'status': 'error' } assert iam_policy.exists() is False def test_create___no_policy_name(self): assert IAM_Policy().create() == { 'data': 'policy name is None', 'status': 'error' } def test_statement(self): assert IAM_Policy().statement() == { 'Statement': [], 'Version': '2012-10-17' }