GitHub Repository: aws/aws-cli
Path: blob/develop/tests/unit/customizations/dlm/test_create_default_role.py
# Copyright 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"). You
# may not use this file except in compliance with the License. A copy of
# the License is located at
#
# http://aws.amazon.com/apache2.0/
#
# or in the "license" file accompanying this file. This file is
# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
# ANY KIND, either express or implied. See the License for the specific
# language governing permissions and limitations under the License.
from awscli.testutils import BaseAWSCommandParamsTest, mock, unittest
from botocore.compat import json
import botocore.session
from awscli.customizations.dlm.iam import IAM
from awscli.customizations.dlm.constants \
import LIFECYCLE_DEFAULT_ROLE_NAME, \
LIFECYCLE_DEFAULT_ROLE_ASSUME_POLICY, \
LIFECYCLE_DEFAULT_ROLE_NAME_AMI, \
LIFECYCLE_DEFAULT_MANAGED_POLICY_NAME, \
LIFECYCLE_DEFAULT_MANAGED_POLICY_NAME_AMI, \
RESOURCE_TYPE_SNAPSHOT, \
RESOURCE_TYPE_IMAGE
class TestCreateDefaultRole(BaseAWSCommandParamsTest):
    # Pins the IAM calls issued by `aws dlm create-default-role`.
    #
    # The command under test provisions an IAM role, so every test fixes the
    # exact, ordered list of recorded operations (self.operations_called)
    # together with the role name, trust policy document and managed-policy
    # ARN sent to IAM. Each test also checks the total number of recorded
    # calls, so an extra or reordered IAM request fails the suite.
    prefix = 'dlm create-default-role'

    # The account field of both ARNs is the literal "aws", the form IAM uses
    # for AWS-managed policies under the service-role path.
    LIFECYCLE_DEFAULT_MANAGED_POLICY_ARN = (
        "arn:aws:iam::aws:policy/service-role/%s"
        % (LIFECYCLE_DEFAULT_MANAGED_POLICY_NAME)
    )
    LIFECYCLE_DEFAULT_MANAGED_POLICY_AMI_ARN = (
        "arn:aws:iam::aws:policy/service-role/%s"
        % (LIFECYCLE_DEFAULT_MANAGED_POLICY_NAME_AMI)
    )

    # Check the operation name and one request parameter of the call
    # recorded at `position`.
    def _assert_recorded_call(self, position, operation_name,
                              param_name, param_value):
        recorded = self.operations_called[position]
        self.assertEqual(recorded[0].name, operation_name)
        self.assertEqual(recorded[1][param_name], param_value)

    # Third recorded call: the managed policy is attached to the new role.
    # Both the policy ARN and the target role are compared, so attaching a
    # different policy, or attaching to a different role, is caught.
    def assert_attached_policy_to_role(self, expected_policy_arn,
                                       expected_role):
        attach_call = self.operations_called[2]
        self.assertEqual(attach_call[0].name, 'AttachRolePolicy')
        sent_params = attach_call[1]
        self.assertEqual(sent_params['PolicyArn'], expected_policy_arn)
        self.assertEqual(sent_params['RoleName'], expected_role)

    # Second recorded call: the default role is created. The trust policy
    # is compared against the exact json.dumps() serialization of
    # `assume_policy`, so any change to who may assume the role shows up
    # as a test failure.
    def assert_create_default_role(self, role, assume_policy):
        create_call = self.operations_called[1]
        self.assertEqual(create_call[0].name, 'CreateRole')
        sent_params = create_call[1]
        self.assertEqual(sent_params['RoleName'], role)
        self.assertEqual(sent_params['AssumeRolePolicyDocument'],
                         json.dumps(assume_policy))

    # Role already present: the single recorded call is the GetRole lookup,
    # i.e. nothing is created or attached.
    # NOTE(review): these cases do not stub GetRole; presumably the base
    # class supplies a successful default response -- confirm in
    # BaseAWSCommandParamsTest.
    def _assert_only_role_lookup(self, role_name):
        self.assertEqual(len(self.operations_called), 1)
        self._assert_recorded_call(0, 'GetRole', 'RoleName', role_name)

    # Role absent, managed policy present: exactly five calls, in order --
    # policy lookup, role creation, policy attachment, then two reads
    # (policy's default version id, detailed policy version) used to build
    # the command's result.
    def _assert_role_bootstrap_sequence(self, role_name, policy_arn):
        self.assertEqual(len(self.operations_called), 5)

        # Call to check if managed policy exists.
        self._assert_recorded_call(0, 'GetPolicy', 'PolicyArn', policy_arn)

        self.assert_create_default_role(
            role_name, LIFECYCLE_DEFAULT_ROLE_ASSUME_POLICY)
        self.assert_attached_policy_to_role(policy_arn, role_name)

        # Call to get policy's default version id
        self._assert_recorded_call(3, 'GetPolicy', 'PolicyArn', policy_arn)

        # Call to get detailed policy to
        # construct result with policy permissions
        self._assert_recorded_call(
            4, 'GetPolicyVersion', 'PolicyArn', policy_arn)

    # Use case: Default role exists
    # Expected results: No operation performed for creation,
    # only call made for verifying existence of role
    # create-default-role is executed without any resource type parameter,
    # should default to snapshot
    def test_default_role_exists(self):
        command = self.prefix

        self.run_cmd(command, expected_rc=0)
        self._assert_only_role_lookup(LIFECYCLE_DEFAULT_ROLE_NAME)

    # Use case: Default role does not exist.
    # Managed Policy exists.
    # Expected results: Operations are performed by the client to verify
    # existence of policy, creation of role and then
    # attaching policy to role
    # create-default-role is executed without any resource type parameter,
    # should default to snapshot
    @mock.patch('awscli.customizations.dlm.iam.IAM.check_if_role_exists')
    def test_default_role_not_exist(self, role_exists_patch):
        role_exists_patch.return_value = False

        self.run_cmd(self.prefix, expected_rc=0)
        self._assert_role_bootstrap_sequence(
            LIFECYCLE_DEFAULT_ROLE_NAME,
            self.LIFECYCLE_DEFAULT_MANAGED_POLICY_ARN)

    # Use case: Default role exists
    # Expected results: No operation performed for creation,
    # only call made for verifying existence of role
    # create-default-role is executed with resource type = snapshot
    def test_default_role_exists_snapshot(self):
        command = self.prefix + " --resource-type=" + RESOURCE_TYPE_SNAPSHOT

        self.run_cmd(command, expected_rc=0)
        self._assert_only_role_lookup(LIFECYCLE_DEFAULT_ROLE_NAME)

    # Use case: Default role does not exist.
    # Managed Policy exists.
    # Expected results: Operations are performed by the client to verify
    # existence of policy, creation of role and then
    # attaching policy to role
    # create-default-role is executed with resource type = snapshot
    @mock.patch('awscli.customizations.dlm.iam.IAM.check_if_role_exists')
    def test_default_role_not_exist_snapshot(self, role_exists_patch):
        role_exists_patch.return_value = False

        self.run_cmd(
            self.prefix + " --resource-type=%s" % (RESOURCE_TYPE_SNAPSHOT),
            expected_rc=0)
        self._assert_role_bootstrap_sequence(
            LIFECYCLE_DEFAULT_ROLE_NAME,
            self.LIFECYCLE_DEFAULT_MANAGED_POLICY_ARN)

    # Use case: Default role exists for AMI
    # Expected results: No operation performed for creation,
    # only call made for verifying existence of role
    # create-default-role is executed with resource type = image
    def test_default_role_exists_ami(self):
        command = self.prefix + " --resource-type=" + RESOURCE_TYPE_IMAGE

        self.run_cmd(command, expected_rc=0)
        self._assert_only_role_lookup(LIFECYCLE_DEFAULT_ROLE_NAME_AMI)

    # Use case: Default role does not exist for AMI.
    # AMI Managed Policy exists.
    # Expected results: Operations are performed by the client to verify
    # existence of policy, creation of role and then
    # attaching policy to role
    # create-default-role is executed with resource type = image
    @mock.patch('awscli.customizations.dlm.iam.IAM.check_if_role_exists')
    def test_default_role_not_exist_ami(self, role_exists_patch):
        role_exists_patch.return_value = False

        self.run_cmd(
            self.prefix + " --resource-type=%s" % (RESOURCE_TYPE_IMAGE),
            expected_rc=0)
        self._assert_role_bootstrap_sequence(
            LIFECYCLE_DEFAULT_ROLE_NAME_AMI,
            self.LIFECYCLE_DEFAULT_MANAGED_POLICY_AMI_ARN)
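class TestCreateDefaultRoleUnitTest(unittest.TestCase):
    # Unit tests for the IAM helper's existence checks, driven through a
    # mocked IAM client.
    #
    # NOTE(review): only the NoSuchEntity path is pinned here. Nothing in
    # this class checks what the helper does with other client errors (an
    # access-denied response, throttling). Confirm they are not reported as
    # "missing": the command goes on to CreateRole when the role check
    # returns False.

    def setUp(self):
        self.iam_client = mock.Mock()
        # A Mock carries no real exception types, so the modeled
        # NoSuchEntityException class is borrowed from a throwaway botocore
        # IAM client. Placeholder static keys are passed because
        # create_client() otherwise resolves credentials through the ambient
        # provider chain of whoever runs the tests. This client is only read
        # for its exception class and is never used to send a request.
        modeled_client = botocore.session.get_session().create_client(
            'iam',
            region_name="us-east-1",
            aws_access_key_id='placeholder-access-key',
            aws_secret_access_key='placeholder-secret-key',
        )
        self.iam_client.exceptions.NoSuchEntityException = \
            modeled_client.exceptions.NoSuchEntityException
        self.iam = IAM(self.iam_client)

    # GetRole raising NoSuchEntityException must read as "role is absent".
    # The exception is built directly from the modeled class, so the 'Code'
    # value in the payload is fixture data only.
    def test_check_if_role_exists_raises_client_error(self):
        role_missing = self.iam_client.exceptions.NoSuchEntityException(
            error_response={'Error': {'Code': 'NoSuchEntityError'}},
            operation_name='GetRole',
        )
        self.iam_client.get_role.side_effect = role_missing

        self.assertFalse(self.iam.check_if_role_exists('role'))

    # GetPolicy raising NoSuchEntityException must read as "policy is absent".
    def test_check_if_policy_exists_raises_client_error(self):
        policy_missing = self.iam_client.exceptions.NoSuchEntityException(
            error_response={'Error': {'Code': 'NoSuchEntityError'}},
            operation_name='GetPolicy',
        )
        self.iam_client.get_policy.side_effect = policy_missing

        self.assertFalse(self.iam.check_if_policy_exists('policy'))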
# Running the module directly hands control to unittest's own runner.
if __name__ == '__main__':
    unittest.main()