def test_old_console_users(self):
    """Match IAM users with no access keys and a stale console password.

    Two credential filters are combined: 'access_keys' must be 'absent'
    and the 'password_last_used' age must be greater than 30. The clock
    is pinned so the age comparison against the replayed flight data
    stays deterministic.
    """
    factory = self.replay_flight_data('test_iam_user_console_old')

    # Identities that can only sign in through the console.
    no_access_keys = {
        'type': 'credential',
        'report_delay': 0.01,
        'key': 'access_keys',
        'value': 'absent'}
    # Password idle for more than 30 (presumably days -- confirm against
    # the 'age' value_type implementation).
    stale_password = {
        'type': 'credential',
        'key': 'password_last_used',
        'value_type': 'age',
        'value': 30,
        'op': 'greater-than'}

    policy = self.load_policy(
        {'name': 'old-console-only-users',
         'resource': 'iam-user',
         'filters': [no_access_keys, stale_password]},
        session_factory=factory,
        cache=True)

    frozen_now = parser.parse('2016-11-25T20:27:00+00:00')
    with mock_datetime_now(frozen_now, datetime):
        matched = policy.run()

    self.assertEqual(len(matched), 3)
    user_names = sorted(user['UserName'] for user in matched)
    self.assertEqual(user_names, ['anthony', 'chrissy', 'matt'])
def test_old_console_users(self):
    """Match IAM users with no access keys and a stale console password.

    Two credential filters are combined: 'access_keys' must be 'absent'
    and the 'password_last_used' age must be greater than 30. The clock
    is pinned so the age comparison against the replayed flight data
    stays deterministic.
    """
    factory = self.replay_flight_data('test_iam_user_console_old')

    # Identities that can only sign in through the console.
    no_access_keys = {
        'type': 'credential',
        'report_delay': 0.01,
        'key': 'access_keys',
        'value': 'absent'}
    # Password idle for more than 30 (presumably days -- confirm against
    # the 'age' value_type implementation).
    stale_password = {
        'type': 'credential',
        'key': 'password_last_used',
        'value_type': 'age',
        'value': 30,
        'op': 'greater-than'}

    policy = self.load_policy(
        {'name': 'old-console-only-users',
         'resource': 'iam-user',
         'filters': [no_access_keys, stale_password]},
        session_factory=factory,
        cache=True)

    frozen_now = parser.parse('2016-11-25T20:27:00+00:00')
    with mock_datetime_now(frozen_now, datetime):
        matched = policy.run()

    self.assertEqual(len(matched), 3)
    user_names = sorted(user['UserName'] for user in matched)
    self.assertEqual(user_names, ['anthony', 'chrissy', 'matt'])
def test_credential_report(self):
    """Run the credential filter on the 'account' resource for 'mfa_active'.

    The policy keeps the account only when the credential filter sees
    'mfa_active' equal to True; the replayed flight data is expected to
    yield exactly one matching resource.
    """
    factory = self.replay_flight_data('test_account_credential_report')

    # NOTE(review): on the 'account' resource this presumably reads the
    # root user's row of the credential report -- confirm in the filter.
    mfa_enabled = {
        'type': 'credential',
        'key': 'mfa_active',
        'value': True}

    policy = self.load_policy(
        {'name': 'credential-details',
         'resource': 'account',
         'filters': [mfa_enabled]},
        session_factory=factory)

    # Pin "now" so the replayed report is evaluated at a fixed instant.
    frozen_now = parser.parse('2017-02-23T00:40:00+00:00')
    with mock_datetime_now(frozen_now, datetime):
        matched = policy.run()

    self.assertEqual(len(matched), 1)
def test_credential_report(self):
    """Run the credential filter on the 'account' resource for 'mfa_active'.

    The policy keeps the account only when the credential filter sees
    'mfa_active' equal to True; the replayed flight data is expected to
    yield exactly one matching resource.
    """
    factory = self.replay_flight_data('test_account_credential_report')

    # NOTE(review): on the 'account' resource this presumably reads the
    # root user's row of the credential report -- confirm in the filter.
    mfa_enabled = {
        'type': 'credential',
        'key': 'mfa_active',
        'value': True}

    policy = self.load_policy(
        {'name': 'credential-details',
         'resource': 'account',
         'filters': [mfa_enabled]},
        session_factory=factory)

    # Pin "now" so the replayed report is evaluated at a fixed instant.
    frozen_now = parser.parse('2017-02-23T00:40:00+00:00')
    with mock_datetime_now(frozen_now, datetime):
        matched = policy.run()

    self.assertEqual(len(matched), 1)
def test_access_key_last_service(self):
    """Match IAM users whose access key was last used against 'iam'.

    A single credential filter compares the nested report field
    'access_keys.last_used_service' with 'iam'. Only the user 'kapil'
    is expected from the replayed data.
    """
    # The flight records are shared with the old-console-users test.
    factory = self.replay_flight_data('test_iam_user_console_old')

    # 86400 * 7 is presumably seconds, i.e. a seven-day ceiling on how old
    # the credential report may be -- confirm against the filter schema.
    last_used_iam = {
        'type': 'credential',
        'report_max_age': 86400 * 7,
        'key': 'access_keys.last_used_service',
        'value': 'iam'}

    policy = self.load_policy(
        {'name': 'user-access-iam',
         'resource': 'iam-user',
         'filters': [last_used_iam]},
        session_factory=factory,
        cache=True)

    frozen_now = parser.parse('2016-11-25T20:27:00+00:00')
    with mock_datetime_now(frozen_now, datetime):
        matched = policy.run()

    self.assertEqual(len(matched), 1)
    user_names = sorted(user['UserName'] for user in matched)
    self.assertEqual(user_names, ['kapil'])
def test_access_key_last_service(self):
    """Match IAM users whose access key was last used against 'iam'.

    A single credential filter compares the nested report field
    'access_keys.last_used_service' with 'iam'. Only the user 'kapil'
    is expected from the replayed data.
    """
    # The flight records are shared with the old-console-users test.
    factory = self.replay_flight_data('test_iam_user_console_old')

    # 86400 * 7 is presumably seconds, i.e. a seven-day ceiling on how old
    # the credential report may be -- confirm against the filter schema.
    last_used_iam = {
        'type': 'credential',
        'report_max_age': 86400 * 7,
        'key': 'access_keys.last_used_service',
        'value': 'iam'}

    policy = self.load_policy(
        {'name': 'user-access-iam',
         'resource': 'iam-user',
         'filters': [last_used_iam]},
        session_factory=factory,
        cache=True)

    frozen_now = parser.parse('2016-11-25T20:27:00+00:00')
    with mock_datetime_now(frozen_now, datetime):
        matched = policy.run()

    self.assertEqual(len(matched), 1)
    user_names = sorted(user['UserName'] for user in matched)
    self.assertEqual(user_names, ['kapil'])