This repository has been archived by the owner on Sep 17, 2021. It is now read-only.

Fixing IAM tests.
scriptsrc committed Nov 4, 2017
1 parent acc99ef commit 9e642c5
Showing 5 changed files with 16 additions and 16 deletions.
2 changes: 1 addition & 1 deletion security_monkey/auditors/iam/iam_group.py
Expand Up @@ -32,7 +32,7 @@ class IAMGroupAuditor(IAMPolicyAuditor):

def __init__(self, accounts=None, debug=False):
super(IAMGroupAuditor, self).__init__(accounts=accounts, debug=debug)
self.iam_policy_keys = ['grouppolicies']
self.iam_policy_keys = ['grouppolicies$*']

def check_attached_managed_policies(self, iamgroup_item):
"""
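Review bot: The `$*` suffix on the `self.iam_policy_keys` entry is a selector convention that nothing at this call site explains, and the same unexplained change appears in iam_policy.py, iam_role.py and iam_user.py. Judging from the test fixtures in this commit it appears to mean "the value under this key is a name-to-document mapping, load every entry", but that is inferred from the fixtures rather than shown by the loader. A one-line comment above the assignment would record it, for example `# '$*' = load every named policy under this key (config shape is {name: document})`. The key here is lowercase `grouppolicies` while the other three auditors use `InlinePolicies`; if that spelling does not match what the group watcher stores, this auditor would presumably load no policies and raise no findings, so it is worth confirming. `__init__` belongs to a class whose body continues outside the hunk.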
2 changes: 1 addition & 1 deletion security_monkey/auditors/iam/iam_policy.py
Expand Up @@ -30,7 +30,7 @@ class IAMPolicyAuditor(Auditor):

def __init__(self, accounts=None, debug=False):
super(IAMPolicyAuditor, self).__init__(accounts=accounts, debug=debug)
self.iam_policy_keys = ['InlinePolicies']
self.iam_policy_keys = ['InlinePolicies$*']

def load_iam_policies(self, item):
return self.load_policies(item, self.iam_policy_keys)
2 changes: 1 addition & 1 deletion security_monkey/auditors/iam/iam_role.py
Expand Up @@ -36,7 +36,7 @@ def __init__(self, accounts=None, debug=False):
# ResourcePolicyAuditor will look inside AssumeRolePolicyDocument
# while the IAMPolicyAuditor will inspect the InlinePolicies section.
self.policy_keys = ["AssumeRolePolicyDocument"]
self.iam_policy_keys = ['InlinePolicies']
self.iam_policy_keys = ['InlinePolicies$*']

def check_attached_managed_policies(self, iamrole_item):
"""
2 changes: 1 addition & 1 deletion security_monkey/auditors/iam/iam_user.py
Expand Up @@ -37,7 +37,7 @@ class IAMUserAuditor(IAMPolicyAuditor):

def __init__(self, accounts=None, debug=False):
super(IAMUserAuditor, self).__init__(accounts=accounts, debug=debug)
self.iam_policy_keys = ['InlinePolicies']
self.iam_policy_keys = ['InlinePolicies$*']

def prep_for_audit(self):
"""
24 changes: 12 additions & 12 deletions security_monkey/tests/auditors/test_iam.py
Expand Up @@ -369,7 +369,7 @@ def test_full_admin_only(self):
auditor = IAMPolicyAuditor(accounts=['unittest'])
iamobj = MockIAMObj()

iamobj.config = {'InlinePolicies': json.loads(FULL_ADMIN_POLICY_BARE)}
iamobj.config = {'InlinePolicies': dict(MyPolicy=json.loads(FULL_ADMIN_POLICY_BARE))}

self.assertIs(len(iamobj.audit_issues), 0, "Policy should have 0 alert but has {}".format(len(iamobj.audit_issues)))
auditor.check_star_privileges(iamobj)
Expand Down Expand Up @@ -517,7 +517,7 @@ def test_iam_full_admin_only(self):
auditor = IAMPolicyAuditor(accounts=['unittest'])
iamobj = MockIAMObj()

iamobj.config = {'InlinePolicies': json.loads(IAM_ADMIN)}
iamobj.config = {'InlinePolicies': dict(MyPolicy=json.loads(IAM_ADMIN))}

self.assertIs(len(iamobj.audit_issues), 0, "Policy should have 0 alert but has {}".format(len(iamobj.audit_issues)))
auditor.check_iam_star_privileges(iamobj)
Expand All @@ -532,7 +532,7 @@ def test_permissions(self):
auditor = IAMPolicyAuditor(accounts=['unittest'])
iamobj = MockIAMObj()

iamobj.config = {'InlinePolicies': json.loads(IAM_MUTATING)}
iamobj.config = {'InlinePolicies': dict(MyPolicy=json.loads(IAM_MUTATING))}

self.assertIs(len(iamobj.audit_issues), 0, "Policy should have 0 alert but has {}".format(len(iamobj.audit_issues)))
auditor.check_permissions(iamobj)
Expand All @@ -547,7 +547,7 @@ def test_iam_passrole(self):
auditor = IAMPolicyAuditor(accounts=['unittest'])
iamobj = MockIAMObj()

iamobj.config = {'InlinePolicies': json.loads(IAM_PASSROLE)}
iamobj.config = {'InlinePolicies': dict(MyPolicy=json.loads(IAM_PASSROLE))}

self.assertIs(len(iamobj.audit_issues), 0, "Policy should have 0 alert but has {}".format(len(iamobj.audit_issues)))
auditor.check_iam_passrole(iamobj)
Expand All @@ -562,7 +562,7 @@ def test_iam_notaction(self):
auditor = IAMPolicyAuditor(accounts=['unittest'])
iamobj = MockIAMObj()

iamobj.config = {'InlinePolicies': json.loads(IAM_NOTACTION)}
iamobj.config = {'InlinePolicies': dict(MyPolicy=json.loads(IAM_NOTACTION))}

self.assertIs(len(iamobj.audit_issues), 0, "Policy should have 0 alert but has {}".format(len(iamobj.audit_issues)))
auditor.check_notaction(iamobj)
Expand All @@ -577,7 +577,7 @@ def test_iam_notresource(self):
auditor = IAMPolicyAuditor(accounts=['unittest'])
iamobj = MockIAMObj()

iamobj.config = {'InlinePolicies': json.loads(IAM_NOTRESOURCE)}
iamobj.config = {'InlinePolicies': dict(MyPolicy=json.loads(IAM_NOTRESOURCE))}

self.assertIs(len(iamobj.audit_issues), 0, "Policy should have 0 alert but has {}".format(len(iamobj.audit_issues)))
auditor.check_notresource(iamobj)
Expand All @@ -592,7 +592,7 @@ def test_iam_sg_mutation(self):
auditor = IAMPolicyAuditor(accounts=['unittest'])
iamobj = MockIAMObj()

iamobj.config = {'InlinePolicies': json.loads(IAM_SG_MUTATION)}
iamobj.config = {'InlinePolicies': dict(MyPolicy=json.loads(IAM_SG_MUTATION))}

self.assertIs(len(iamobj.audit_issues), 0, "Policy should have 0 alert but has {}".format(len(iamobj.audit_issues)))
auditor.check_security_group_permissions(iamobj)
Expand All @@ -607,7 +607,7 @@ def test_full_admin_list_single_entry(self):
auditor = IAMPolicyAuditor(accounts=['unittest'])

iamobj = MockIAMObj()
iamobj.config = {'InlinePolicies': json.loads(FULL_ADMIN_POLICY_SINGLE_ENTRY)}
iamobj.config = {'InlinePolicies': dict(MyPolicy=json.loads(FULL_ADMIN_POLICY_SINGLE_ENTRY))}

self.assertIs(len(iamobj.audit_issues), 0, "Policy should have 0 alert but has {}".format(len(iamobj.audit_issues)))
auditor.check_star_privileges(iamobj)
Expand All @@ -622,7 +622,7 @@ def test_full_admin_list(self):
auditor = IAMPolicyAuditor(accounts=['unittest'])

iamobj = MockIAMObj()
iamobj.config = {'InlinePolicies': json.loads(FULL_ADMIN_POLICY_LIST)}
iamobj.config = {'InlinePolicies': dict(MyPolicy=json.loads(FULL_ADMIN_POLICY_LIST))}

self.assertIs(len(iamobj.audit_issues), 0, "Policy should have 0 alert but has {}".format(len(iamobj.audit_issues)))
auditor.check_star_privileges(iamobj)
Expand All @@ -637,7 +637,7 @@ def test_iam_no_admin_list(self):
auditor = IAMPolicyAuditor(accounts=['unittest'])

iamobj = MockIAMObj()
iamobj.config = {'InlinePolicies': json.loads(NO_ADMIN_POLICY_LIST)}
iamobj.config = {'InlinePolicies': dict(MyPolicy=json.loads(NO_ADMIN_POLICY_LIST))}

self.assertIs(len(iamobj.audit_issues), 0, "Policy should have 0 alert but has {}".format(len(iamobj.audit_issues)))
auditor.check_star_privileges(iamobj)
Expand All @@ -655,8 +655,8 @@ def test_load_policies(self):
policies = auditor.load_iam_policies(iamobj)
self.assertIs(len(policies), 0, "Zero policies expected")

auditor.iam_policy_keys = ['InlinePolicies']
iamobj.config = {'InlinePolicies': [json.loads(IAM_ADMIN), json.loads(IAM_PASSROLE)]}
auditor.iam_policy_keys = ['InlinePolicies$*']
iamobj.config = {'InlinePolicies': dict(Admin=json.loads(IAM_ADMIN), PassRole=json.loads(IAM_PASSROLE))}
policies = auditor.load_iam_policies(iamobj)
self.assertIs(len(policies), 2, "Two policies expected but received {}".format(len(policies)))

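Review bot: No test in these hunks pins what happens when the selector and the stored config shape disagree, which for an auditor is the failure that matters because it is silent. Every rewritten fixture wraps one document under `MyPolicy` and targets `IAMPolicyAuditor`, so a config still in the previous flat shape, and the `'grouppolicies$*'` key set in iam_group.py, are not exercised by anything visible here. If `load_iam_policies` returns an empty list in that case, each `check_*` method would report zero issues and the item would look clean. A small regression test in `test_load_policies` that sets `iamobj.config = {'InlinePolicies': json.loads(IAM_ADMIN)}` with the `'InlinePolicies$*'` key and asserts the resulting count explicitly would make that behaviour a deliberate choice. Separately, the count assertions use `assertIs(len(...), N, ...)`, which compares identity and only passes through CPython's small-integer caching; `self.assertEqual(len(policies), 2, ...)` states the intent.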
