GitHub Repository: aws/aws-cli
Path: blob/develop/tests/unit/customizations/emr/test_create_default_role.py
# Copyright 2014 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"). You
# may not use this file except in compliance with the License. A copy of
# the License is located at
#
# http://aws.amazon.com/apache2.0/
#
# or in the "license" file accompanying this file. This file is
# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
# ANY KIND, either express or implied. See the License for the specific
# language governing permissions and limitations under the License.
from botocore.compat import json
from botocore.awsrequest import AWSResponse
from botocore.exceptions import ClientError
import awscli.customizations.emr.emrutils as emrutils
import awscli.customizations.emr.createdefaultroles as createdefaultroles
from awscli.testutils import mock, unittest
from tests.unit.customizations.emr import EMRBaseAWSCommandParamsTest as \
BaseAWSCommandParamsTest
# Role names the tests expect `emr create-default-roles` to look up or create.
EC2_ROLE_NAME = "EMR_EC2_DefaultRole"
EMR_ROLE_NAME = "EMR_DefaultRole"
EMR_AUTOSCALING_ROLE_NAME = "EMR_AutoScaling_DefaultRole"

# Canned return value for the mocked CreateDefaultRoles._get_role_policy in
# test_constructed_result.  Test data only: the service-wide wildcards and
# Resource "*" are far broader than a least-privilege policy would grant.
EC2_ROLE_POLICY = {
    "Statement": [
        {
            "Action": [
                "cloudwatch:*",
                "dynamodb:*",
                "ec2:Describe*",
                "elasticmapreduce:Describe*",
                "rds:Describe*",
                "s3:*",
                "sdb:*",
                "sns:*",
                "sqs:*",
            ],
            "Effect": "Allow",
            "Resource": ["*"],
        },
    ],
}

# Canned return value for the mocked
# CreateDefaultRoles._create_role_with_role_policy in test_constructed_result.
# The trust policy names the EC2 service as the only principal.
CREATE_EC2_ROLE_RESULT = {
    "Role": {
        "AssumeRolePolicyDocument": {
            "Version": "2008-10-17",
            "Statement": [
                {
                    "Action": "sts:AssumeRole",
                    "Sid": "",
                    "Effect": "Allow",
                    "Principal": {
                        "Service": "ec2.amazonaws.com",
                    },
                },
            ],
        },
        "RoleId": "AROAJG7O4RNNSRINMF6DI",
        "CreateDate": "2014-05-01T23:47:14.552Z",
        "RoleName": EC2_ROLE_NAME,
        "Path": "/",
        "Arn": "arn:aws:iam::176430881729:role/" + EC2_ROLE_NAME,
    },
}

# Structure that test_constructed_result serialises with json.dumps and
# compares with the command's output.
CONSTRUCTED_RESULT_OUTPUT = [
    {
        "Role": CREATE_EC2_ROLE_RESULT["Role"],
        "RolePolicy": EC2_ROLE_POLICY,
    },
]
# Bare 200 response with no URL, headers or body.
# NOTE(review): nothing in the visible listing reads this object -- confirm it
# is still needed.
http_response = AWSResponse(url=None, status_code=200, headers={}, raw=None)
# Managed-policy ARNs the tests expect for each partition (aws-cn, aws-us-gov
# and aws).  test_policy_arn_construction compares them with
# createdefaultroles.get_role_policy_arn for one region per partition.
CN_EC2_ROLE_ARN = (
    'arn:aws-cn:iam::aws:policy/service-role/'
    'AmazonElasticMapReduceforEC2Role'
)
US_GOV_EC2_ROLE_ARN = (
    'arn:aws-us-gov:iam::aws:policy/service-role/'
    'AmazonElasticMapReduceforEC2Role'
)
EC2_ROLE_ARN = (
    'arn:aws:iam::aws:policy/service-role/'
    'AmazonElasticMapReduceforEC2Role'
)

CN_EMR_ROLE_ARN = (
    'arn:aws-cn:iam::aws:policy/service-role/'
    'AmazonElasticMapReduceRole'
)
US_GOV_EMR_ROLE_ARN = (
    'arn:aws-us-gov:iam::aws:policy/service-role/'
    'AmazonElasticMapReduceRole'
)
EMR_ROLE_ARN = (
    'arn:aws:iam::aws:policy/service-role/'
    'AmazonElasticMapReduceRole'
)

CN_EMR_AUTOSCALING_ROLE_ARN = (
    'arn:aws-cn:iam::aws:policy/service-role/'
    'AmazonElasticMapReduceforAutoScalingRole'
)
US_GOV_EMR_AUTOSCALING_ROLE_ARN = (
    'arn:aws-us-gov:iam::aws:policy/service-role/'
    'AmazonElasticMapReduceforAutoScalingRole'
)
EMR_AUTOSCALING_ROLE_ARN = (
    'arn:aws:iam::aws:policy/service-role/'
    'AmazonElasticMapReduceforAutoScalingRole'
)
class TestCreateDefaultRole(BaseAWSCommandParamsTest):
    """Command-level tests for ``emr create-default-roles``.

    Every test drives the command through ``run_cmd`` and then checks the
    recorded ``operations_called`` entries, the arguments captured by a
    patched collaborator, or the rendered output.
    """

    prefix = 'emr create-default-roles'

    # Trust policy expected on the EC2 role: the EC2 service principal is the
    # only party allowed to call sts:AssumeRole.
    ec2_role_policy_document = {
        "Version": "2008-10-17",
        "Statement": [
            {
                "Sid": "",
                "Effect": "Allow",
                "Principal": {"Service": "ec2.amazonaws.com"},
                "Action": "sts:AssumeRole",
            },
        ],
    }

    # Trust policy expected on the EMR role in the cn-north-1 test; the
    # principal carries the ".com.cn" suffix.
    emr_role_policy_document = {
        "Version": "2008-10-17",
        "Statement": [
            {
                "Sid": "",
                "Effect": "Allow",
                "Principal": {
                    "Service": "elasticmapreduce.amazonaws.com.cn",
                },
                "Action": "sts:AssumeRole",
            },
        ],
    }

    # Trust policy expected on the auto-scaling role in the cn-north-1 test:
    # two service principals, both with the ".com.cn" suffix.
    emr_autoscaling_role_policy_document_cn = {
        "Version": "2008-10-17",
        "Statement": [
            {
                "Sid": "",
                "Effect": "Allow",
                "Principal": {
                    "Service": [
                        "elasticmapreduce.amazonaws.com.cn",
                        "application-autoscaling.amazonaws.com.cn",
                    ],
                },
                "Action": "sts:AssumeRole",
            },
        ],
    }

    # Trust policy expected on the auto-scaling role in the us-east-1 test.
    emr_autoscaling_role_policy_document = {
        "Version": "2008-10-17",
        "Statement": [
            {
                "Sid": "",
                "Effect": "Allow",
                "Principal": {
                    "Service": [
                        "elasticmapreduce.amazonaws.com",
                        "application-autoscaling.amazonaws.com",
                    ],
                },
                "Action": "sts:AssumeRole",
            },
        ],
    }

    def test_default_roles_exist(self):
        """Expect exactly four calls, all Get* lookups, in a fixed order."""
        self.run_cmd(self.prefix, expected_rc=0)

        recorded = self.operations_called
        self.assertEqual(len(recorded), 4)

        expected_lookups = [
            ('GetRole', 'RoleName', EC2_ROLE_NAME),
            ('GetInstanceProfile', 'InstanceProfileName', EC2_ROLE_NAME),
            ('GetRole', 'RoleName', EMR_ROLE_NAME),
            ('GetRole', 'RoleName', EMR_AUTOSCALING_ROLE_NAME),
        ]
        for call, (operation_name, key, value) in zip(recorded,
                                                      expected_lookups):
            self.assertEqual(call[0].name, operation_name)
            self.assertEqual(call[1][key], value)

    @mock.patch('awscli.customizations.emr.emr.'
                'CreateDefaultRoles._construct_result')
    @mock.patch('awscli.customizations.emr.emr.'
                'CreateDefaultRoles.check_if_instance_profile_exists')
    @mock.patch('awscli.customizations.emr.emr.'
                'CreateDefaultRoles.check_if_role_exists')
    @mock.patch('awscli.customizations.emr.emr.'
                'CreateDefaultRoles._get_role_policy')
    def test_default_autoscaling_role_commercial(self, get_rp_patch,
                                                 role_exists_patch,
                                                 instance_profile_exists_patch,
                                                 construct_result_patch):
        """In us-east-1 the auto-scaling role gets the non-CN trust policy."""
        for patched in (get_rp_patch, role_exists_patch,
                        instance_profile_exists_patch):
            patched.return_value = False
        construct_result_patch.return_value = []

        self.run_cmd(self.prefix + ' --region us-east-1', expected_rc=0)

        recorded = self.operations_called
        # Exactly 8 operations are recorded because check_if_role_exists and
        # check_if_instance_profile_exists are mocked out.
        self.assertEqual(len(recorded), 8)
        autoscaling_create_params = recorded[6][1]
        self.assertEqual(
            autoscaling_create_params['AssumeRolePolicyDocument'],
            emrutils.dict_to_string(self.emr_autoscaling_role_policy_document))

    @mock.patch('awscli.customizations.emr.emr.'
                'CreateDefaultRoles._construct_result')
    @mock.patch('awscli.customizations.emr.emr.'
                'CreateDefaultRoles.check_if_instance_profile_exists')
    @mock.patch('awscli.customizations.emr.emr.'
                'CreateDefaultRoles.check_if_role_exists')
    @mock.patch('awscli.customizations.emr.emr.'
                'CreateDefaultRoles._get_role_policy')
    def test_default_roles_not_exist(self, get_rp_patch,
                                     role_exists_patch,
                                     instance_profile_exists_patch,
                                     construct_result_patch):
        """Pin the full create/attach sequence for cn-north-1.

        Each recorded call is checked for its operation name and for the
        role name, policy ARN or trust policy it carries.
        """
        for patched in (get_rp_patch, role_exists_patch,
                        instance_profile_exists_patch):
            patched.return_value = False
        construct_result_patch.return_value = []

        self.run_cmd(self.prefix + ' --region cn-north-1', expected_rc=0)

        recorded = self.operations_called
        # Exactly 8 operations are recorded because check_if_role_exists and
        # check_if_instance_profile_exists are mocked out.
        self.assertEqual(len(recorded), 8)

        to_string = emrutils.dict_to_string
        # (operation name, [(request parameter, expected value), ...]) in
        # the order the calls must have been made.
        expected_calls = [
            ('CreateRole', [
                ('RoleName', EC2_ROLE_NAME),
                ('AssumeRolePolicyDocument',
                 to_string(self.ec2_role_policy_document)),
            ]),
            ('AttachRolePolicy', [
                ('PolicyArn', CN_EC2_ROLE_ARN),
                ('RoleName', EC2_ROLE_NAME),
            ]),
            ('CreateInstanceProfile', [
                ('InstanceProfileName', EC2_ROLE_NAME),
            ]),
            ('AddRoleToInstanceProfile', [
                ('InstanceProfileName', EC2_ROLE_NAME),
                ('RoleName', EC2_ROLE_NAME),
            ]),
            ('CreateRole', [
                ('RoleName', EMR_ROLE_NAME),
                ('AssumeRolePolicyDocument',
                 to_string(self.emr_role_policy_document)),
            ]),
            ('AttachRolePolicy', [
                ('PolicyArn', CN_EMR_ROLE_ARN),
                ('RoleName', EMR_ROLE_NAME),
            ]),
            ('CreateRole', [
                ('RoleName', EMR_AUTOSCALING_ROLE_NAME),
                ('AssumeRolePolicyDocument',
                 to_string(self.emr_autoscaling_role_policy_document_cn)),
            ]),
            ('AttachRolePolicy', [
                ('PolicyArn', CN_EMR_AUTOSCALING_ROLE_ARN),
                ('RoleName', EMR_AUTOSCALING_ROLE_NAME),
            ]),
        ]
        for call, (operation_name, params) in zip(recorded, expected_calls):
            self.assertEqual(call[0].name, operation_name)
            for key, value in params:
                self.assertEqual(call[1][key], value)

    @mock.patch('awscli.customizations.emr.emr.'
                'CreateDefaultRoles._construct_result')
    @mock.patch('awscli.customizations.emr.createdefaultroles'
                '.get_service_principal')
    @mock.patch('awscli.customizations.emr.emr.'
                'CreateDefaultRoles.check_if_instance_profile_exists')
    @mock.patch('awscli.customizations.emr.emr.'
                'CreateDefaultRoles.check_if_role_exists')
    @mock.patch('awscli.customizations.emr.emr.'
                'CreateDefaultRoles._get_role_policy')
    def test_get_service_principal_parameters(self, get_rp_patch,
                                              role_exists_patch,
                                              instance_profile_exists_patch,
                                              get_sp_patch,
                                              construct_result_patch):
        """``--endpoint`` is the second positional arg to the principal lookup.

        Only the last call to the patched ``get_service_principal`` is
        inspected.
        """
        construct_result_patch.return_value = []
        instance_profile_exists_patch.return_value = False
        role_exists_patch.return_value = False
        get_sp_patch.return_value = 'elasticmapreduce.amazonaws.abc'
        get_rp_patch.return_value = "blah"

        endpoint_url = 'https://elasticmapreduce.abc'
        self.run_cmd(self.prefix + ' --endpoint ' + endpoint_url,
                     expected_rc=0)

        positional_args = get_sp_patch.call_args[0]
        self.assertEqual(positional_args[1], endpoint_url)

    @mock.patch('botocore.session.Session.create_client')
    def test_call_parameters(self, call_patch):
        """``--region`` and ``--no-verify-ssl`` reach ``create_client``.

        ``verify=False`` is asserted only because the flag was passed
        explicitly on the command line.
        """
        self.run_cmd(
            self.prefix + ' --region eu-west-1' + ' --no-verify-ssl',
            expected_rc=0)

        client_kwargs = call_patch.call_args[1]
        self.assertEqual(client_kwargs['region_name'], 'eu-west-1')
        self.assertEqual(client_kwargs['verify'], False)

    @mock.patch('botocore.session.Session.create_client')
    def test_call_parameters_only_endpoint(self, call_patch):
        """``--endpoint`` alone leaves ``endpoint_url`` as None.

        The check is made on the last ``create_client`` call only.
        """
        endpoint_arg = 'https://elasticmapreduce.us-unknown-1.amazonaws.com'
        self.run_cmd(self.prefix + ' --endpoint ' + endpoint_arg,
                     expected_rc=0)

        client_kwargs = call_patch.call_args[1]
        self.assertEqual(client_kwargs['endpoint_url'], None)

    @mock.patch('botocore.session.Session.create_client')
    def test_call_parameters_only_iam_endpoint(self, call_patch):
        """``--iam-endpoint`` is forwarded to ``create_client`` unchanged."""
        endpoint_arg = 'https://elasticmapreduce.us-unknown-1.amazonaws.com'
        self.run_cmd(self.prefix + ' --iam-endpoint ' + endpoint_arg,
                     expected_rc=0)

        client_kwargs = call_patch.call_args[1]
        self.assertEqual(client_kwargs['endpoint_url'], endpoint_arg)

    @mock.patch('awscli.customizations.emr.emr.'
                'CreateDefaultRoles._get_role_policy')
    @mock.patch('awscli.customizations.emr.emr.'
                'CreateDefaultRoles._create_role_with_role_policy')
    @mock.patch('awscli.customizations.emr.emr.'
                'CreateDefaultRoles.check_if_instance_profile_exists')
    @mock.patch('awscli.customizations.emr.emr.'
                'CreateDefaultRoles.check_if_role_exists')
    def test_constructed_result(self, role_exists_patch,
                                instance_profile_exists_patch,
                                create_role_patch,
                                get_role_policy_patch):
        """The command prints the created role and its policy as JSON.

        The patched ``check_if_role_exists`` reports only the EC2 role as
        missing, so the expected output has a single entry.
        """
        get_role_policy_patch.return_value = EC2_ROLE_POLICY
        create_role_patch.return_value = CREATE_EC2_ROLE_RESULT
        instance_profile_exists_patch.return_value = False
        role_exists_patch.side_effect = side_effect_ofcheck_if_role_exists

        result = self.run_cmd(self.prefix + ' --region cn-north-1', 0)

        rendered = json.dumps(CONSTRUCTED_RESULT_OUTPUT, indent=4)
        self.assertEqual(result[0], rendered + '\n')

    def test_policy_arn_construction(self):
        """``get_role_policy_arn`` picks the ARN partition from the region."""
        build_arn = createdefaultroles.get_role_policy_arn
        ec2_policy = createdefaultroles.EC2_ROLE_POLICY_NAME
        emr_policy = createdefaultroles.EMR_ROLE_POLICY_NAME
        autoscaling_policy = \
            createdefaultroles.EMR_AUTOSCALING_ROLE_POLICY_NAME

        # (region, policy name, expected ARN): one region per partition for
        # each of the three policies.
        cases = [
            ("cn-north-1", ec2_policy, CN_EC2_ROLE_ARN),
            ("us-gov-west-1", ec2_policy, US_GOV_EC2_ROLE_ARN),
            ("eu-west-1", ec2_policy, EC2_ROLE_ARN),
            ("cn-north-1", emr_policy, CN_EMR_ROLE_ARN),
            ("us-gov-west-1", emr_policy, US_GOV_EMR_ROLE_ARN),
            ("eu-west-1", emr_policy, EMR_ROLE_ARN),
            ("cn-north-1", autoscaling_policy, CN_EMR_AUTOSCALING_ROLE_ARN),
            ("us-gov-west-1", autoscaling_policy,
             US_GOV_EMR_AUTOSCALING_ROLE_ARN),
            ("eu-west-1", autoscaling_policy, EMR_AUTOSCALING_ROLE_ARN),
        ]
        for region, policy_name, expected_arn in cases:
            self.assertEqual(build_arn(region, policy_name), expected_arn)
class TestCreateDefaultRoles(unittest.TestCase):
    """Unit tests for the existence checks on ``CreateDefaultRoles``.

    The session and its client are mocks, so the only behaviour exercised is
    how ``ClientError`` codes raised by ``get_role`` and
    ``get_instance_profile`` are handled.
    """

    def setUp(self):
        """Build a command whose session hands out a mock client."""
        session = mock.Mock()
        client = mock.Mock()
        session.create_client.return_value = client
        self.session = session
        self.client = client

        self.command = createdefaultroles.CreateDefaultRoles(session)
        self.command.iam_endpoint_url = 'https://www.amazonaws.com'

        parsed_globals = mock.Mock()
        parsed_globals.verify_ssl = True
        self.parsed_globals = parsed_globals

    def testcheck_if_role_exists_raises_client_error(self):
        """An error code other than NoSuchEntity ('foo' here) is re-raised.

        The failure surfaces to the caller rather than being read as
        "role does not exist".
        """
        self.client.get_role.side_effect = ClientError(
            {'Error': {'Code': 'foo'}}, 'GetRole')

        self.assertRaises(
            ClientError,
            self.command.check_if_role_exists, 'role', self.parsed_globals)

    def test_check_role_not_found(self):
        """A NoSuchEntity error from get_role yields a falsy result."""
        self.client.get_role.side_effect = ClientError(
            {'Error': {'Code': 'NoSuchEntity'}}, 'GetRole')

        role_found = self.command.check_if_role_exists(
            'role', self.parsed_globals)
        self.assertFalse(role_found)

    def test_check_instance_profile_exists_raises_client_error(self):
        """An error code other than NoSuchEntity ('foo' here) is re-raised.

        The failure surfaces to the caller rather than being read as
        "instance profile does not exist".
        """
        self.client.get_instance_profile.side_effect = ClientError(
            {'Error': {'Code': 'foo'}}, 'GetInstanceProfile')

        self.assertRaises(
            ClientError,
            self.command.check_if_instance_profile_exists,
            'role', self.parsed_globals)

    def test_check_instance_profile_not_found(self):
        """A NoSuchEntity error from get_instance_profile yields falsy."""
        self.client.get_instance_profile.side_effect = ClientError(
            {'Error': {'Code': 'NoSuchEntity'}}, 'GetInstanceProfile')

        profile_found = self.command.check_if_instance_profile_exists(
            'role', self.parsed_globals)
        self.assertFalse(profile_found)
def side_effect_ofcheck_if_role_exists(*args, **kwargs):
    """Side effect for the patched check_if_role_exists.

    Returns False when the first positional argument equals EC2_ROLE_NAME
    and True for any other value; keyword arguments are ignored.
    """
    return not (args[0] == EC2_ROLE_NAME)
# Run the tests when this file is executed as a script.
if __name__ == "__main__":
    unittest.main()