def test_get_policies_must_return_all_policies(self): policies = [ "managed policy 1", { "Ref": "some managed policy" }, { "Statement": "policy statement" }, { "PolicyTemplate": "some value" }, ["unknown", "policy"], ] resource_properties = {"Policies": policies} self.is_policy_template_mock.side_effect = [ True, False ] # Return True for policy template, False for the list expected = [ PolicyEntry(data="managed policy 1", type=PolicyTypes.MANAGED_POLICY), PolicyEntry(data={"Ref": "some managed policy"}, type=PolicyTypes.MANAGED_POLICY), PolicyEntry(data={"Statement": "policy statement"}, type=PolicyTypes.POLICY_STATEMENT), PolicyEntry(data={"PolicyTemplate": "some value"}, type=PolicyTypes.POLICY_TEMPLATE), PolicyEntry(data=["unknown", "policy"], type=PolicyTypes.UNKNOWN), ] result = self.function_policies._get_policies(resource_properties) self.assertEqual(result, expected)
def test_on_before_transform_resource_must_work_on_every_policy_template( self, function_policies_class_mock): is_supported_mock = Mock() self.plugin._is_supported = is_supported_mock is_supported_mock.return_value = True function_policies_obj_mock = MagicMock() function_policies_class_mock.return_value = function_policies_obj_mock function_policies_class_mock.POLICIES_PROPERTY_NAME = "Policies" template1 = {"MyTemplate1": {"Param1": "value1"}} template2 = {"MyTemplate2": {"Param2": "value2"}} resource_properties = {"Policies": [template1, template2]} policies = [ PolicyEntry(data=template1, type=PolicyTypes.POLICY_TEMPLATE), PolicyEntry(data=template2, type=PolicyTypes.POLICY_TEMPLATE), ] # Setup to return all the policies function_policies_obj_mock.__len__.return_value = 2 function_policies_obj_mock.get.return_value = iter(policies) # These are the values returned on every call to `convert` method self._policy_template_processor_mock.convert.side_effect = [ { "Statement1": { "key1": "value1" } }, { "Statement2": { "key2": "value2" } }, ] expected = [{ "Statement1": { "key1": "value1" } }, { "Statement2": { "key2": "value2" } }] self.plugin.on_before_transform_resource("logicalId", "resource_type", resource_properties) # This will overwrite the resource_properties input array self.assertEqual(expected, resource_properties["Policies"]) function_policies_obj_mock.get.assert_called_once_with() self._policy_template_processor_mock.convert.assert_has_calls([ call("MyTemplate1", {"Param1": "value1"}), call("MyTemplate2", {"Param2": "value2"}) ])
def test_get_policies_must_work_for_unknown_policy_types(self): resource_properties = {"Policies": [1, 2, 3]} expected = [ PolicyEntry(data=1, type=PolicyTypes.UNKNOWN), PolicyEntry(data=2, type=PolicyTypes.UNKNOWN), PolicyEntry(data=3, type=PolicyTypes.UNKNOWN), ] self.is_policy_template_mock.return_value = False result = self.function_policies._get_policies(resource_properties) self.assertEqual(result, expected)
def test_on_before_transform_must_bubble_exception( self, function_policies_class_mock): is_supported_mock = Mock() self.plugin._is_supported = is_supported_mock is_supported_mock.return_value = True function_policies_obj_mock = MagicMock() function_policies_class_mock.return_value = function_policies_obj_mock template1 = {"MyTemplate1": {"Param1": "value1"}} resource_properties = {"Policies": template1} policies = [ PolicyEntry(data=template1, type=PolicyTypes.POLICY_TEMPLATE) ] # Setup to return all the policies function_policies_obj_mock.__len__.return_value = 1 function_policies_obj_mock.get.return_value = iter(policies) self._policy_template_processor_mock.convert.side_effect = TypeError( "message") with self.assertRaises(TypeError): self.plugin.on_before_transform_resource("logicalId", "resource_type", resource_properties) # Make sure the input was not changed self.assertEqual(resource_properties, {"Policies": { "MyTemplate1": { "Param1": "value1" } }})
def test_on_before_transform_must_raise_on_insufficient_parameter_values(self, function_policies_class_mock): is_supported_mock = Mock() self.plugin._is_supported = is_supported_mock is_supported_mock.return_value = True function_policies_obj_mock = MagicMock() function_policies_class_mock.return_value = function_policies_obj_mock template1 = { "MyTemplate1": { "Param1": "value1" } } resource_properties = { "Policies": template1 } policies = [ PolicyEntry(data=template1, type=PolicyTypes.POLICY_TEMPLATE) ] # Setup to return all the policies function_policies_obj_mock.__len__.return_value = 1 function_policies_obj_mock.get.return_value = iter(policies) # These are the values returned on every call to `convert` method self._policy_template_processor_mock.convert.side_effect = InsufficientParameterValues("message") with self.assertRaises(InvalidResourceException): self.plugin.on_before_transform_resource("logicalId", "resource_type", resource_properties) # Make sure the input was not changed self.assertEqual(resource_properties, {"Policies": {"MyTemplate1": { "Param1": "value1"}}})
def test_get_policies_must_work_for_single_dict_of_invalid_policy_template(self): resource_properties = {"Policies": {"InvalidPolicyTemplate": "some template"}} self.is_policy_template_mock.return_value = False # Invalid policy template expected = [PolicyEntry(data={"InvalidPolicyTemplate": "some template"}, type=PolicyTypes.UNKNOWN)] result = self.function_policies._get_policies(resource_properties) self.assertEqual(result, expected) self.is_policy_template_mock.assert_called_once_with({"InvalidPolicyTemplate": "some template"})
def test_get_policies_must_work_for_single_dict_of_policy_template(self): resource_properties = {"Policies": {"PolicyTemplate": "some template"}} self.is_policy_template_mock.return_value = True expected = [PolicyEntry(data={"PolicyTemplate": "some template"}, type=PolicyTypes.POLICY_TEMPLATE)] result = self.function_policies._get_policies(resource_properties) self.assertEqual(result, expected) self.is_policy_template_mock.assert_called_once_with(resource_properties["Policies"])
def test_get_policies_must_work_for_single_policy_string(self): resource_properties = {"Policies": "single managed policy"} expected = [ PolicyEntry(data="single managed policy", type=PolicyTypes.MANAGED_POLICY) ] result = self.function_policies._get_policies(resource_properties) self.assertEqual(result, expected)
def test_get_policies_must_work_for_single_dict_with_managed_policy_intrinsic( self): resource_properties = {"Policies": {"Ref": "some managed policy"}} expected = [ PolicyEntry(data={"Ref": "some managed policy"}, type=PolicyTypes.MANAGED_POLICY) ] result = self.function_policies._get_policies(resource_properties) self.assertEqual(result, expected)
def test_get_policies_must_work_for_single_dict_with_policy_statement(self): resource_properties = { "Policies": { "Statement": "some policy statement" } } expected = [ PolicyEntry(data={"Statement": "some policy statement"}, type=PolicyTypes.POLICY_STATEMENT) ] result = self.function_policies._get_policies(resource_properties) self.assertEqual(result, expected)