Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
aws
GitHub Repository: aws/aws-cli
 Path: blob/develop/tests/unit/customizations/datapipeline/test_create_default_role.py
1569 views
1
import pytest

2


3
import awscli.customizations.datapipeline.createdefaultroles \

4
    as createdefaultroles

5
from awscli.customizations.datapipeline.constants\

6
    import DATAPIPELINE_DEFAULT_SERVICE_ROLE_NAME,\

7
    DATAPIPELINE_DEFAULT_RESOURCE_ROLE_NAME,\

8
    DATAPIPELINE_DEFAULT_SERVICE_ROLE_ASSUME_POLICY,\

9
    DATAPIPELINE_DEFAULT_RESOURCE_ROLE_ASSUME_POLICY

10


11
from awscli.testutils import BaseAWSCommandParamsTest,\

12
    mock, unittest

13
from awscli.customizations.datapipeline.translator import dict_to_string

14
from botocore.compat import json

15


16


17
@pytest.mark.filterwarnings('ignore::UserWarning')

18
class TestCreateDefaultRole(BaseAWSCommandParamsTest):

19
    prefix = 'datapipeline create-default-roles'

20


21
    DATAPIPELINE_ROLE_POLICY = {

22
        "Statement": [

23
            {

24
                "Action": [

25
                    "cloudwatch:*",

26
                    "dynamodb:*",

27
                    "ec2:Describe*",

28
                    "elasticmapreduce:Describe*",

29
                    "rds:Describe*",

30
                    "s3:*",

31
                    "sdb:*",

32
                    "sns:*",

33
                    "sqs:*"

34
                    ],

35
                "Effect": "Allow",

36
                "Resource": ["*"]

37
                }

38
            ]

39
    }

40


41
    CREATE_DATAPIPELINE_ROLE_RESULT = {

42
        "Role":  {

43
            "AssumeRolePolicyDocument": {

44
                "Version": "2008-10-17",

45
                "Statement": [

46
                    {

47
                        "Action": "sts:AssumeRole",

48
                        "Sid": "",

49
                        "Effect": "Allow",

50
                        "Principal": {

51
                            "Service": "ec2.amazonaws.com"

52
                        }

53
                    }

54
                ]

55
            },

56
            "RoleId": "AROAJG7O4RNNSRINMF6DI",

57
            "CreateDate": "2014-05-01T23:47:14.552Z",

58
            "RoleName": DATAPIPELINE_DEFAULT_SERVICE_ROLE_NAME,

59
            "Path": "/",

60
            "Arn": "arn:aws:iam::176430881729:role/" +

61
                    DATAPIPELINE_DEFAULT_SERVICE_ROLE_NAME

62
        }

63
    }

64


65
    CONSTRUCTED_RESULT_OUTPUT = [

66
        {

67
            "Role": CREATE_DATAPIPELINE_ROLE_RESULT['Role'],

68
            "RolePolicy": DATAPIPELINE_ROLE_POLICY

69
        }

70
    ]

71


72
    # Use case: Default roles exists

73
    # Expected results: No Operation performed for creation, except calls made

74
    # for verifying existence of roles

75
    def test_default_roles_exist(self):

76
        cmdline = self.prefix

77


78
        self.run_cmd(cmdline, expected_rc=0)

79
        self.assertEqual(len(self.operations_called), 3)

80


81
        self.assertEqual(self.operations_called[0][0].name, 'GetRole')

82
        self.assertEqual(self.operations_called[0][1]['RoleName'],

83
                         DATAPIPELINE_DEFAULT_SERVICE_ROLE_NAME)

84


85
    # Use case: Default roles do not exist

86
    # Expected results: Operations are performed by the client to verify

87
    # existence of roles and then creation of roles (Service role,

88
    # resource role and instance profile)

89
    @mock.patch('awscli.customizations.datapipeline.createdefaultroles.'

90
                'CreateDefaultRoles._construct_result')

91
    @mock.patch('awscli.customizations.datapipeline.createdefaultroles.'

92
                'CreateDefaultRoles._check_if_role_exists')

93
    @mock.patch('awscli.customizations.datapipeline.createdefaultroles.'

94
                'CreateDefaultRoles._check_if_instance_profile_exists')

95
    @mock.patch('awscli.customizations.datapipeline.createdefaultroles.'

96
                'CreateDefaultRoles._get_role_policy')

97
    def test_default_roles_not_exist(self, get_rp_patch,

98
                                     role_exists_patch,

99
                                     instance_profile_exists_patch,

100
                                     construct_result_patch):

101
        get_rp_patch.return_value = False

102
        instance_profile_exists_patch.return_value = False

103
        role_exists_patch.return_value = False

104
        construct_result_patch.return_value = []

105


106
        self.run_cmd(self.prefix, expected_rc=0)

107
        self.assertEqual(len(self.operations_called), 6)

108


109
        self.assertEqual(self.operations_called[0][0].name, 'CreateRole')

110
        self.assertEqual(self.operations_called[0][1]['RoleName'],

111
                         DATAPIPELINE_DEFAULT_SERVICE_ROLE_NAME)

112
        self.assertEqual(

113
            self.operations_called[0][1]['AssumeRolePolicyDocument'],

114
            dict_to_string(DATAPIPELINE_DEFAULT_SERVICE_ROLE_ASSUME_POLICY))

115


116
        self.assertEqual(self.operations_called[1][0].name,

117
                         'AttachRolePolicy')

118
        self.assertEqual(self.operations_called[1][1]['PolicyArn'],

119
                         (createdefaultroles.

120
                          DATAPIPELINE_DEFAULT_SERVICE_ROLE_ARN))

121
        self.assertEqual(self.operations_called[1][1]['RoleName'],

122
                         DATAPIPELINE_DEFAULT_SERVICE_ROLE_NAME)

123


124
        self.assertEqual(self.operations_called[2][0].name, 'CreateRole')

125
        self.assertEqual(self.operations_called[2][1]['RoleName'],

126
                         DATAPIPELINE_DEFAULT_RESOURCE_ROLE_NAME)

127
        self.assertEqual(

128
            self.operations_called[2][1]['AssumeRolePolicyDocument'],

129
            dict_to_string(DATAPIPELINE_DEFAULT_RESOURCE_ROLE_ASSUME_POLICY))

130


131
        self.assertEqual(self.operations_called[3][0].name, 'AttachRolePolicy')

132
        self.assertEqual(self.operations_called[3][1]['PolicyArn'],

133
                         (createdefaultroles.

134
                          DATAPIPELINE_DEFAULT_RESOURCE_ROLE_ARN))

135
        self.assertEqual(self.operations_called[3][1]['RoleName'],

136
                         DATAPIPELINE_DEFAULT_RESOURCE_ROLE_NAME)

137


138
        self.assertEqual(self.operations_called[4][0].name,

139
                         'CreateInstanceProfile')

140
        self.assertEqual(self.operations_called[4][1]['InstanceProfileName'],

141
                         DATAPIPELINE_DEFAULT_RESOURCE_ROLE_NAME)

142


143
        self.assertEqual(self.operations_called[5][0].name,

144
                         'AddRoleToInstanceProfile')

145
        self.assertEqual(self.operations_called[5][1]['InstanceProfileName'],

146
                         DATAPIPELINE_DEFAULT_RESOURCE_ROLE_NAME)

147
        self.assertEqual(self.operations_called[5][1]['RoleName'],

148
                         DATAPIPELINE_DEFAULT_RESOURCE_ROLE_NAME)

149


150
    # Use case: Creating only DataPipeline service role

151
    # Expected output: The service role is created displaying a message

152
    # to the customer that a particular role with a policy has been created

153
    @mock.patch('awscli.customizations.datapipeline.createdefaultroles.'

154
                'CreateDefaultRoles._get_role_policy')

155
    @mock.patch('awscli.customizations.datapipeline.createdefaultroles.'

156
                'CreateDefaultRoles._create_role_with_role_policy')

157
    @mock.patch('awscli.customizations.datapipeline.createdefaultroles.'

158
                'CreateDefaultRoles._check_if_instance_profile_exists')

159
    @mock.patch('awscli.customizations.datapipeline.createdefaultroles.'

160
                'CreateDefaultRoles._check_if_role_exists')

161
    def test_constructed_result(self, role_exists_patch,

162
                                instance_profile_exists_patch,

163
                                create_role_patch,

164
                                get_role_policy_patch):

165
        role_exists_patch.side_effect = self.toggle_for_check_if_exists

166
        instance_profile_exists_patch.return_value = True

167
        create_role_patch.return_value = self.CREATE_DATAPIPELINE_ROLE_RESULT

168
        get_role_policy_patch.return_value = self.DATAPIPELINE_ROLE_POLICY

169


170
        result = self.run_cmd(self.prefix, 0)

171
        expected_output = json.dumps(self.CONSTRUCTED_RESULT_OUTPUT,

172
                                     indent=4) + '\n'

173
        self.assertEqual(result[0], expected_output)

174


175
    def toggle_for_check_if_exists(self, *args):

176
        if args[0] == DATAPIPELINE_DEFAULT_RESOURCE_ROLE_NAME:

177
            return False

178
        else:

179
            return True

180


181


182
if __name__ == "__main__":

183
    unittest.main()

184


185