def test_get_policies_must_return_all_policies(self):
policies = [
"managed policy 1",
{
"Ref": "some managed policy"
},
{
"Statement": "policy statement"
},
{
"PolicyTemplate": "some value"
},
["unknown", "policy"],
]
resource_properties = {"Policies": policies}
self.is_policy_template_mock.side_effect = [
True, False
] # Return True for policy template, False for the list
expected = [
PolicyEntry(data="managed policy 1",
type=PolicyTypes.MANAGED_POLICY),
PolicyEntry(data={"Ref": "some managed policy"},
type=PolicyTypes.MANAGED_POLICY),
PolicyEntry(data={"Statement": "policy statement"},
type=PolicyTypes.POLICY_STATEMENT),
PolicyEntry(data={"PolicyTemplate": "some value"},
type=PolicyTypes.POLICY_TEMPLATE),
PolicyEntry(data=["unknown", "policy"], type=PolicyTypes.UNKNOWN),
]
result = self.function_policies._get_policies(resource_properties)
self.assertEqual(result, expected)
def test_on_before_transform_resource_must_work_on_every_policy_template(
self, function_policies_class_mock):
is_supported_mock = Mock()
self.plugin._is_supported = is_supported_mock
is_supported_mock.return_value = True
function_policies_obj_mock = MagicMock()
function_policies_class_mock.return_value = function_policies_obj_mock
function_policies_class_mock.POLICIES_PROPERTY_NAME = "Policies"
template1 = {"MyTemplate1": {"Param1": "value1"}}
template2 = {"MyTemplate2": {"Param2": "value2"}}
resource_properties = {"Policies": [template1, template2]}
policies = [
PolicyEntry(data=template1, type=PolicyTypes.POLICY_TEMPLATE),
PolicyEntry(data=template2, type=PolicyTypes.POLICY_TEMPLATE),
]
# Setup to return all the policies
function_policies_obj_mock.__len__.return_value = 2
function_policies_obj_mock.get.return_value = iter(policies)
# These are the values returned on every call to `convert` method
self._policy_template_processor_mock.convert.side_effect = [
{
"Statement1": {
"key1": "value1"
}
},
{
"Statement2": {
"key2": "value2"
}
},
]
expected = [{
"Statement1": {
"key1": "value1"
}
}, {
"Statement2": {
"key2": "value2"
}
}]
self.plugin.on_before_transform_resource("logicalId", "resource_type",
resource_properties)
# This will overwrite the resource_properties input array
self.assertEqual(expected, resource_properties["Policies"])
function_policies_obj_mock.get.assert_called_once_with()
self._policy_template_processor_mock.convert.assert_has_calls([
call("MyTemplate1", {"Param1": "value1"}),
call("MyTemplate2", {"Param2": "value2"})
])
def test_get_policies_must_work_for_unknown_policy_types(self):
resource_properties = {"Policies": [1, 2, 3]}
expected = [
PolicyEntry(data=1, type=PolicyTypes.UNKNOWN),
PolicyEntry(data=2, type=PolicyTypes.UNKNOWN),
PolicyEntry(data=3, type=PolicyTypes.UNKNOWN),
]
self.is_policy_template_mock.return_value = False
result = self.function_policies._get_policies(resource_properties)
self.assertEqual(result, expected)
def test_on_before_transform_must_bubble_exception(
self, function_policies_class_mock):
is_supported_mock = Mock()
self.plugin._is_supported = is_supported_mock
is_supported_mock.return_value = True
function_policies_obj_mock = MagicMock()
function_policies_class_mock.return_value = function_policies_obj_mock
template1 = {"MyTemplate1": {"Param1": "value1"}}
resource_properties = {"Policies": template1}
policies = [
PolicyEntry(data=template1, type=PolicyTypes.POLICY_TEMPLATE)
]
# Setup to return all the policies
function_policies_obj_mock.__len__.return_value = 1
function_policies_obj_mock.get.return_value = iter(policies)
self._policy_template_processor_mock.convert.side_effect = TypeError(
"message")
with self.assertRaises(TypeError):
self.plugin.on_before_transform_resource("logicalId",
"resource_type",
resource_properties)
# Make sure the input was not changed
self.assertEqual(resource_properties,
{"Policies": {
"MyTemplate1": {
"Param1": "value1"
}
}})
def test_on_before_transform_must_raise_on_insufficient_parameter_values(self, function_policies_class_mock):
is_supported_mock = Mock()
self.plugin._is_supported = is_supported_mock
is_supported_mock.return_value = True
function_policies_obj_mock = MagicMock()
function_policies_class_mock.return_value = function_policies_obj_mock
template1 = {
"MyTemplate1": {
"Param1": "value1"
}
}
resource_properties = {
"Policies": template1
}
policies = [
PolicyEntry(data=template1, type=PolicyTypes.POLICY_TEMPLATE)
]
# Setup to return all the policies
function_policies_obj_mock.__len__.return_value = 1
function_policies_obj_mock.get.return_value = iter(policies)
# These are the values returned on every call to `convert` method
self._policy_template_processor_mock.convert.side_effect = InsufficientParameterValues("message")
with self.assertRaises(InvalidResourceException):
self.plugin.on_before_transform_resource("logicalId", "resource_type", resource_properties)
# Make sure the input was not changed
self.assertEqual(resource_properties, {"Policies": {"MyTemplate1": { "Param1": "value1"}}})
def test_get_policies_must_work_for_single_dict_of_invalid_policy_template(self):
resource_properties = {"Policies": {"InvalidPolicyTemplate": "some template"}}
self.is_policy_template_mock.return_value = False # Invalid policy template
expected = [PolicyEntry(data={"InvalidPolicyTemplate": "some template"}, type=PolicyTypes.UNKNOWN)]
result = self.function_policies._get_policies(resource_properties)
self.assertEqual(result, expected)
self.is_policy_template_mock.assert_called_once_with({"InvalidPolicyTemplate": "some template"})
def test_get_policies_must_work_for_single_dict_of_policy_template(self):
resource_properties = {"Policies": {"PolicyTemplate": "some template"}}
self.is_policy_template_mock.return_value = True
expected = [PolicyEntry(data={"PolicyTemplate": "some template"}, type=PolicyTypes.POLICY_TEMPLATE)]
result = self.function_policies._get_policies(resource_properties)
self.assertEqual(result, expected)
self.is_policy_template_mock.assert_called_once_with(resource_properties["Policies"])
def test_get_policies_must_work_for_single_policy_string(self):
resource_properties = {"Policies": "single managed policy"}
expected = [
PolicyEntry(data="single managed policy",
type=PolicyTypes.MANAGED_POLICY)
]
result = self.function_policies._get_policies(resource_properties)
self.assertEqual(result, expected)
def test_get_policies_must_work_for_single_dict_with_managed_policy_intrinsic(
self):
resource_properties = {"Policies": {"Ref": "some managed policy"}}
expected = [
PolicyEntry(data={"Ref": "some managed policy"},
type=PolicyTypes.MANAGED_POLICY)
]
result = self.function_policies._get_policies(resource_properties)
self.assertEqual(result, expected)
def test_get_policies_must_work_for_single_dict_with_policy_statement(self):
resource_properties = {
"Policies": {
"Statement": "some policy statement"
}
}
expected = [
PolicyEntry(data={"Statement": "some policy statement"}, type=PolicyTypes.POLICY_STATEMENT)
]
result = self.function_policies._get_policies(resource_properties)
self.assertEqual(result, expected)
