create notification topic and set policy
konz committed Jan 26, 2016
1 parent 8b3fbf3 commit 07ac1ff
Showing 2 changed files with 93 additions and 12 deletions.
50 changes: 40 additions & 10 deletions src/main/python/ultimate_source_of_accounts/account_exporter.py
Expand Up @@ -71,17 +71,47 @@ def set_S3_permissions(self):
logging.debug("AWS S3 bucket '%s' now has policy: '%s'", self.bucket_name, policy)

def create_sns_topic(self):
response = self.sns_conn.get_all_topics()
for topic in response['ListTopicsResponse']['ListTopicsResult']['Topics']:
if topic['TopicArn'].endswith(':{0}'.format(self.bucket_name)):
self.topic_arn = topic['TopicArn']

if not self.topic_arn:
self.sns_conn.create_topic(self.bucket_name)
logging.info("Created new SNS topic with name '%s'", self.bucket_name)
response = self.sns_conn.create_topic(self.bucket_name)
topic_arn = response['CreateTopicResponse']['CreateTopicResult']['TopicArn']
logging.info("Using SNS topic with arn '%s'", topic_arn)

return topic_arn

def set_sns_topic_policy(self, topic_arn):
allow_s3_events = {
"Effect": "Allow",
"Action": [
"sns:Publish"
],
"Principal": {
"AWS": "*"
},
"Resource": topic_arn,
"Condition": {
"ArnLike": {
"aws:SourceArn": "arn:aws:s3:*:*:{0}".format(self.bucket_name)
}
}
}
allow_subscribe_to_all_acconts = {
"Effect": "Allow",
"Action": [
"sns:Subscribe"
],
"Principal": {
"AWS": self.allowed_aws_account_ids
},
"Resource": topic_arn
}
policy = {
"Version": "2012-10-17",
"Statement": [
allow_s3_events,
allow_subscribe_to_all_acconts
]
}

def set_sns_topic_policy(self):
pass
self.sns_conn.set_topic_attributes(topic_arn, 'Policy', json.dumps(policy))

def get_routing_rules(self):
routing_rules = boto.s3.website.RoutingRules()
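Review bot: The `sns:Publish` statement in `set_sns_topic_policy` grants `"AWS": "*"` and is narrowed only by `aws:SourceArn`, whose pattern `arn:aws:s3:*:*:{bucket}` contains no account id, so the condition identifies the bucket by name alone. If the bucket is ever deleted and its name is registered by a different account, that bucket would still satisfy the condition; adding `"StringEquals": {"aws:SourceAccount": "<BUCKET_OWNER_ACCOUNT_ID>"}` (placeholder value) next to the `ArnLike` entry ties the grant to the owning account. The `sns:Subscribe` statement could likewise be narrowed with an `sns:Protocol` condition, and `self.allowed_aws_account_ids` presumably needs a non-empty check before it is used as a principal, since its definition is outside this hunk. A docstring noting that `set_topic_attributes(topic_arn, 'Policy', ...)` replaces the whole topic policy would help the next maintainer, and the local name `allow_subscribe_to_all_acconts` is misspelled.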
55 changes: 53 additions & 2 deletions src/unittest/python/account_exporter_tests.py
Expand Up @@ -2,11 +2,10 @@

from __future__ import print_function, absolute_import, division
from unittest2 import TestCase
from moto import mock_s3
from moto import mock_s3, mock_sns
import boto
import json
import os
import time
import logging
from mock import Mock

Expand Down Expand Up @@ -156,3 +155,55 @@ def test_setup_S3_webserver(self):

routing_rules = self.s3_uploader.get_routing_rules()
mock_bucket.configure_website.assert_called_once_with(suffix='accounts.json', routing_rules=routing_rules)

@mock_sns
def test_create_sns_topic_if_none_existing(self):
topic_arn = self.s3_uploader.create_sns_topic()
self.assertIsNotNone(topic_arn)

@mock_sns
def test_create_sns_topic_if_already_existing(self):
response = boto.sns.connect_to_region(BUCKET_REGION).create_topic(self.bucket_name)
topic_arn = response['CreateTopicResponse']['CreateTopicResult']['TopicArn']

self.assertEqual(topic_arn, self.s3_uploader.create_sns_topic())

@mock_sns
def test_set_topic_policy(self):
topic_arn = self.s3_uploader.create_sns_topic()
expected_policy = {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"sns:Publish"
],
"Principal": {
"AWS":"*"
},
"Resource": topic_arn,
"Condition": {
"ArnLike": {
"aws:SourceArn": "arn:aws:s3:*:*:{0}".format(self.bucket_name)
}
}
},{
"Effect": "Allow",
"Action": [
"sns:Subscribe"
],
"Principal": {
"AWS": self.allowed_aws_account_ids
},
"Resource": topic_arn
}
]
}

self.s3_uploader.set_sns_topic_policy(topic_arn)
response = boto.sns.connect_to_region(BUCKET_REGION).get_topic_attributes(topic_arn)
created_policy = json.loads(
response['GetTopicAttributesResponse']['GetTopicAttributesResult']['Attributes']['Policy'])

self.assertEqual(created_policy, expected_policy)
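Review bot: `test_create_sns_topic_if_none_existing` only asserts that the returned ARN is not None, so it would pass even if the topic were created under the wrong name; asserting the name, e.g. `self.assertTrue(topic_arn.endswith(':{0}'.format(self.bucket_name)))`, pins the behaviour the exporter depends on. `test_set_topic_policy` compares against a literal copy of the policy, which is a good regression guard for the `aws:SourceArn` condition, but there is no case covering an empty or malformed `self.allowed_aws_account_ids`, where the Subscribe principal would presumably be invalid or unintended. A short comment on the expected-policy literal saying that any widening of `Principal` or removal of `Condition` must be a deliberate change would make the security intent of the assertion explicit.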
