Make IAM ARNs more dynamic. Closes #663.
spulec committed Mar 19, 2017
1 parent 2d05f8a commit bba197e
Showing 2 changed files with 44 additions and 30 deletions.
26 changes: 23 additions & 3 deletions moto/iam/models.py
Expand Up @@ -8,6 +8,8 @@
from .exceptions import IAMNotFoundException, IAMConflictException, IAMReportNotPresentException
from .utils import random_access_key, random_alphanumeric, random_resource_id, random_policy_id

ACCOUNT_ID = 123456789012


class Policy(BaseModel):

Expand Down Expand Up @@ -82,6 +84,10 @@ def create_from_cloudformation_json(cls, resource_name, cloudformation_json, reg

return role

@property
def arn(self):
return "arn:aws:iam::{0}:role{1}{2}".format(ACCOUNT_ID, self.path, self.name)

def put_policy(self, policy_name, policy_json):
self.policies[policy_name] = policy_json

Expand Down Expand Up @@ -115,6 +121,10 @@ def create_from_cloudformation_json(cls, resource_name, cloudformation_json, reg
role_ids=role_ids,
)

@property
def arn(self):
return "arn:aws:iam::{0}:instance-profile{1}{2}".format(ACCOUNT_ID, self.path, self.name)

@property
def physical_resource_id(self):
return self.name
Expand All @@ -132,13 +142,17 @@ def __init__(self, cert_name, cert_body, private_key, cert_chain=None, path=None
self.cert_name = cert_name
self.cert_body = cert_body
self.private_key = private_key
self.path = path
self.path = path if path else "/"
self.cert_chain = cert_chain

@property
def physical_resource_id(self):
return self.name

@property
def arn(self):
return "arn:aws:iam::{0}:server-certificate{1}{2}".format(ACCOUNT_ID, self.path, self.cert_name)


class AccessKey(BaseModel):

Expand Down Expand Up @@ -179,6 +193,10 @@ def get_cfn_attribute(self, attribute_name):
raise NotImplementedError('"Fn::GetAtt" : [ "{0}" , "Arn" ]"')
raise UnformattedGetAttTemplateException()

@property
def arn(self):
return "arn:aws:iam::{0}:group/{1}".format(ACCOUNT_ID, self.path)

def get_policy(self, policy_name):
try:
policy_json = self.policies[policy_name]
Expand Down Expand Up @@ -208,12 +226,14 @@ def __init__(self, name, path=None):
datetime.utcnow(),
"%Y-%m-%d-%H-%M-%S"
)
self.arn = 'arn:aws:iam::123456789012:user{0}{1}'.format(
self.path, name)
self.policies = {}
self.access_keys = []
self.password = None

@property
def arn(self):
return "arn:aws:iam::{0}:user{1}{2}".format(ACCOUNT_ID, self.path, self.name)

def get_policy(self, policy_name):
policy_json = None
try:
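Review bot: `Group.arn` formats `group/{1}` with only `self.path`, so the group name never appears in the ARN and a path that begins with `/` produces a doubled slash, unlike the role, instance-profile, server-certificate and user properties in this section, which all use path followed by name. This carries over what the old template rendered, but tests that match policies or principals on group ARNs will pass against a value shaped differently from every other resource; consider `return "arn:aws:iam::{0}:group{1}{2}".format(ACCOUNT_ID, self.path, self.name)`, assuming Group's path defaults to `/` (its `__init__` is outside the visible hunks). Separately, `ACCOUNT_ID` is an int, while account IDs are 12-digit strings that may start with zero, so `ACCOUNT_ID = "123456789012"` is the safer form if the value ever becomes configurable.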
48 changes: 21 additions & 27 deletions moto/iam/responses.py
Expand Up @@ -439,7 +439,7 @@ def get_credential_report(self):
<Roles/>
<InstanceProfileName>{{ profile.name }}</InstanceProfileName>
<Path>{{ profile.path }}</Path>
<Arn>arn:aws:iam::123456789012:instance-profile/application_abc/component_xyz/Webserver</Arn>
<Arn>{{ profile.arn }}</Arn>
<CreateDate>2012-05-09T16:11:10.222Z</CreateDate>
</InstanceProfile>
</CreateInstanceProfileResult>
Expand All @@ -456,7 +456,7 @@ def get_credential_report(self):
{% for role in profile.roles %}
<member>
<Path>{{ role.path }}</Path>
<Arn>arn:aws:iam::123456789012:role/application_abc/component_xyz/S3Access</Arn>
<Arn>{{ role.arn }}</Arn>
<RoleName>{{ role.name }}</RoleName>
<AssumeRolePolicyDocument>{{ role.assume_role_policy_document }}</AssumeRolePolicyDocument>
<CreateDate>2012-05-09T15:45:35Z</CreateDate>
Expand All @@ -466,7 +466,7 @@ def get_credential_report(self):
</Roles>
<InstanceProfileName>{{ profile.name }}</InstanceProfileName>
<Path>{{ profile.path }}</Path>
<Arn>arn:aws:iam::123456789012:instance-profile/application_abc/component_xyz/Webserver</Arn>
<Arn>{{ profile.arn }}</Arn>
<CreateDate>2012-05-09T16:11:10Z</CreateDate>
</InstanceProfile>
</GetInstanceProfileResult>
Expand All @@ -479,7 +479,7 @@ def get_credential_report(self):
<CreateRoleResult>
<Role>
<Path>{{ role.path }}</Path>
<Arn>arn:aws:iam::123456789012:role/application_abc/component_xyz/S3Access</Arn>
<Arn>{{ role.arn }}</Arn>
<RoleName>{{ role.name }}</RoleName>
<AssumeRolePolicyDocument>{{ role.assume_role_policy_document }}</AssumeRolePolicyDocument>
<CreateDate>2012-05-08T23:34:01.495Z</CreateDate>
Expand All @@ -506,7 +506,7 @@ def get_credential_report(self):
<GetRoleResult>
<Role>
<Path>{{ role.path }}</Path>
<Arn>arn:aws:iam::123456789012:role/application_abc/component_xyz/S3Access</Arn>
<Arn>{{ role.arn }}</Arn>
<RoleName>{{ role.name }}</RoleName>
<AssumeRolePolicyDocument>{{ role.assume_role_policy_document }}</AssumeRolePolicyDocument>
<CreateDate>2012-05-08T23:34:01Z</CreateDate>
Expand Down Expand Up @@ -537,7 +537,7 @@ def get_credential_report(self):
{% for role in roles %}
<member>
<Path>{{ role.path }}</Path>
<Arn>arn:aws:iam::123456789012:role/application_abc/component_xyz/S3Access</Arn>
<Arn>{{ role.arn }}</Arn>
<RoleName>{{ role.name }}</RoleName>
<AssumeRolePolicyDocument>{{ role.assume_role_policy_document }}</AssumeRolePolicyDocument>
<CreateDate>2012-05-09T15:45:35Z</CreateDate>
Expand Down Expand Up @@ -576,7 +576,7 @@ def get_credential_report(self):
{% for role in instance.roles %}
<member>
<Path>{{ role.path }}</Path>
<Arn>arn:aws:iam::123456789012:role/application_abc/component_xyz/S3Access</Arn>
<Arn>{{ role.arn }}</Arn>
<RoleName>{{ role.name }}</RoleName>
<AssumeRolePolicyDocument>{{ role.assume_role_policy_document }}</AssumeRolePolicyDocument>
<CreateDate>2012-05-09T15:45:35Z</CreateDate>
Expand All @@ -586,7 +586,7 @@ def get_credential_report(self):
</Roles>
<InstanceProfileName>{{ instance.name }}</InstanceProfileName>
<Path>{{ instance.path }}</Path>
<Arn>arn:aws:iam::123456789012:instance-profile/application_abc/component_xyz/Database</Arn>
<Arn>{{ instance.arn }}</Arn>
<CreateDate>2012-05-09T16:27:03Z</CreateDate>
</member>
{% endfor %}
Expand All @@ -604,7 +604,7 @@ def get_credential_report(self):
{% if certificate.path %}
<Path>{{ certificate.path }}</Path>
{% endif %}
<Arn>arn:aws:iam::123456789012:server-certificate/{{ certificate.path }}/{{ certificate.cert_name }}</Arn>
<Arn>{{ certificate.arn }}</Arn>
<UploadDate>2010-05-08T01:02:03.004Z</UploadDate>
<ServerCertificateId>ASCACKCEVSQ6C2EXAMPLE</ServerCertificateId>
<Expiration>2012-05-08T01:02:03.004Z</Expiration>
Expand All @@ -623,11 +623,9 @@ def get_credential_report(self):
<member>
<ServerCertificateName>{{ certificate.cert_name }}</ServerCertificateName>
{% if certificate.path %}
<Path>{{ certificate.path }}</Path>
<Arn>arn:aws:iam::123456789012:server-certificate/{{ certificate.path }}/{{ certificate.cert_name }}</Arn>
{% else %}
<Arn>arn:aws:iam::123456789012:server-certificate/{{ certificate.cert_name }}</Arn>
<Path>{{ certificate.path }}</Path>
{% endif %}
<Arn>{{ certificate.arn }}</Arn>
<UploadDate>2010-05-08T01:02:03.004Z</UploadDate>
<ServerCertificateId>ASCACKCEVSQ6C2EXAMPLE</ServerCertificateId>
<Expiration>2012-05-08T01:02:03.004Z</Expiration>
Expand All @@ -646,11 +644,9 @@ def get_credential_report(self):
<ServerCertificateMetadata>
<ServerCertificateName>{{ certificate.cert_name }}</ServerCertificateName>
{% if certificate.path %}
<Path>{{ certificate.path }}</Path>
<Arn>arn:aws:iam::123456789012:server-certificate/{{ certificate.path }}/{{ certificate.cert_name }}</Arn>
{% else %}
<Arn>arn:aws:iam::123456789012:server-certificate/{{ certificate.cert_name }}</Arn>
<Path>{{ certificate.path }}</Path>
{% endif %}
<Arn>{{ certificate.arn }}</Arn>
<UploadDate>2010-05-08T01:02:03.004Z</UploadDate>
<ServerCertificateId>ASCACKCEVSQ6C2EXAMPLE</ServerCertificateId>
<Expiration>2012-05-08T01:02:03.004Z</Expiration>
Expand All @@ -669,7 +665,7 @@ def get_credential_report(self):
<Path>{{ group.path }}</Path>
<GroupName>{{ group.name }}</GroupName>
<GroupId>{{ group.id }}</GroupId>
<Arn>arn:aws:iam::123456789012:group/{{ group.path }}</Arn>
<Arn>{{ group.arn }}</Arn>
</Group>
</CreateGroupResult>
<ResponseMetadata>
Expand All @@ -683,17 +679,15 @@ def get_credential_report(self):
<Path>{{ group.path }}</Path>
<GroupName>{{ group.name }}</GroupName>
<GroupId>{{ group.id }}</GroupId>
<Arn>arn:aws:iam::123456789012:group/{{ group.path }}</Arn>
<Arn>{{ group.arn }}</Arn>
</Group>
<Users>
{% for user in group.users %}
<member>
<Path>{{ user.path }}</Path>
<UserName>{{ user.name }}</UserName>
<UserId>{{ user.id }}</UserId>
<Arn>
arn:aws:iam::123456789012:user/{{ user.path }}/{{ user.name}}
</Arn>
<Arn>{{ user.arn }}</Arn>
</member>
{% endfor %}
</Users>
Expand All @@ -712,7 +706,7 @@ def get_credential_report(self):
<Path>{{ group.path }}</Path>
<GroupName>{{ group.name }}</GroupName>
<GroupId>{{ group.id }}</GroupId>
<Arn>arn:aws:iam::123456789012:group/{{ group.path }}</Arn>
<Arn>{{ group.arn }}</Arn>
</member>
{% endfor %}
</Groups>
Expand All @@ -731,7 +725,7 @@ def get_credential_report(self):
<Path>{{ group.path }}</Path>
<GroupName>{{ group.name }}</GroupName>
<GroupId>{{ group.id }}</GroupId>
<Arn>arn:aws:iam::123456789012:group/{{ group.path }}</Arn>
<Arn>{{ group.arn }}</Arn>
</member>
{% endfor %}
</Groups>
Expand Down Expand Up @@ -778,7 +772,7 @@ def get_credential_report(self):
<Path>{{ user.path }}</Path>
<UserName>{{ user.name }}</UserName>
<UserId>{{ user.id }}</UserId>
<Arn>arn:aws:iam::123456789012:user/{{ user.path }}/{{ user.name }}</Arn>
<Arn>{{ user.arn }}</Arn>
</User>
</{{ action }}UserResult>
<ResponseMetadata>
Expand Down Expand Up @@ -908,7 +902,7 @@ def get_credential_report(self):
{% for role in profile.roles %}
<member>
<Path>{{ role.path }}</Path>
<Arn>arn:aws:iam::123456789012:role{{ role.path }}S3Access</Arn>
<Arn>{{ role.arn }}</Arn>
<RoleName>{{ role.name }}</RoleName>
<AssumeRolePolicyDocument>{{ role.assume_policy_document }}</AssumeRolePolicyDocument>
<CreateDate>2012-05-09T15:45:35Z</CreateDate>
Expand All @@ -918,7 +912,7 @@ def get_credential_report(self):
</Roles>
<InstanceProfileName>{{ profile.name }}</InstanceProfileName>
<Path>{{ profile.path }}</Path>
<Arn>arn:aws:iam::123456789012:instance-profile{{ profile.path }}Webserver</Arn>
<Arn>{{ profile.arn }}</Arn>
<CreateDate>2012-05-09T16:27:11Z</CreateDate>
</member>
{% endfor %}
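Review bot: The `{% if certificate.path %}` guards kept around `<Path>` in the three server-certificate templates can no longer be false for certificates built through `__init__`, because models.py in this commit sets `self.path = path if path else "/"`. The guard is dead and can be dropped so that `<Path>{{ certificate.path }}</Path>` is emitted unconditionally. Also, the last roles template in this section reads `{{ role.assume_policy_document }}` on an unchanged line, while every other template uses `role.assume_role_policy_document`. If Role has no attribute with the shorter name (its definition is not visible here), the trust policy likely renders empty in that response, which matters for tests that inspect it. The enclosing template strings begin and end outside the hunks.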
