aws_iam_policy_test.rb
require 'aws-sdk-core'
require 'aws_iam_policy'
require 'helper'
require_relative 'mock/iam/aws_iam_policy_mock'
# Constructor contract for AwsIamPolicy: which arguments it accepts and
# which it refuses. No real AWS call is intended; where a client is passed,
# it is configured with stub_responses.
class AwsIamPolicyConstructorTest < Minitest::Test
  # Supplying only client arguments (no policy identifier) must be refused.
  def test_empty_params_not_ok
    stubbed_client = { stub_responses: true }

    assert_raises(ArgumentError) do
      AwsIamPolicy.new(client_args: stubbed_client)
    end
  end

  # A policy ARN is an accepted identifier. There is no explicit assertion:
  # the test passes as long as construction does not raise.
  def test_accepts_policy_arn
    stubbed_client = { stub_responses: true }

    AwsIamPolicy.new(policy_arn: 'policy-arn', client_args: stubbed_client)
  end

  # Unknown keys are refused rather than silently ignored.
  def test_rejects_unrecognized_params
    assert_raises(ArgumentError) do
      AwsIamPolicy.new(rubbish: 9)
    end
  end
end
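# Exercises the AwsIamPolicy accessors and the has_statement? matcher against
# stubbed data supplied by AwsIamPolicyMock (no live AWS calls: the client is
# built with stub_responses).
#
# assert_equal is called as (expected, actual) throughout, so that Minitest
# failure messages label the fixture value as "Expected" and the value read
# from the resource as "Actual".
class AwsIamPolicyTest < Minitest::Test
  def setup
    # Given
    @mock = AwsIamPolicyMock.new
    @mock_policy = @mock.policy

    # When
    @policy = AwsIamPolicy.new(policy_arn: @mock_policy[:arn],
                               client_args: { stub_responses: true },
                               stub_data: @mock.stub_data)
  end

  # --- Identity and metadata accessors -------------------------------------

  def test_arn
    assert_equal(@mock_policy[:arn], @policy.arn)
  end

  def test_attachment_count
    assert_equal(@mock_policy[:attachment_count], @policy.attachment_count)
  end

  def test_default_version_id
    assert_equal(@mock_policy[:default_version_id], @policy.default_version_id)
  end

  def test_policy_name
    assert_equal(@mock_policy[:policy_name], @policy.policy_name)
  end

  def test_policy_id
    assert_equal(@mock_policy[:policy_id], @policy.policy_id)
  end

  def test_exists
    assert @policy.exists?
  end

  # --- Attachments ----------------------------------------------------------
  # NOTE(review): only the positive path is covered here; there is no refute
  # for a user or role that the policy is not attached to.

  def test_attached_username
    assert @policy.attached_to_user?(@mock_policy[:username])
  end

  def test_attached_role
    assert @policy.attached_to_role?(@mock_policy[:rolename])
  end

  def test_policy_attached_groups
    assert_equal(@mock_policy[:attached_groups], @policy.attached_groups)
  end

  # attached_roles / attached_users are compared by name: the fixture entries
  # are hashes, the resource returns the bare name.
  def test_policy_attached_roles
    assert_equal(@mock_policy[:attached_roles].first[:role_name], @policy.attached_roles.first)
  end

  def test_policy_attached_user
    assert_equal(@mock_policy[:attached_users].first[:user_name], @policy.attached_users.first)
  end

  # --- Policy document statements -------------------------------------------
  # The expected count and the criteria below are hard-coded rather than read
  # from the mock, so they must be kept in step with the mock policy document.

  def test_statement_count
    assert_equal(2, @policy.statement_count)
  end

  def test_statement_contains_action
    assert @policy.has_statement?(Action: "ec2:Describe*")
  end

  # An Action criterion may also be given as a one-element array.
  def test_statement_contains_action_array
    assert @policy.has_statement?(Action: ["ec2:Describe*"])
  end

  # Condition is not an accepted criterion and raises instead of being ignored.
  # NOTE(review): a has_statement? match therefore says nothing about whether
  # the matched statement carries a Condition - confirm this is intended before
  # relying on the matcher to flag unconditioned grants.
  def test_statement_contains_not_allowed_item
    assert_raises(ArgumentError) { @policy.has_statement?(Condition: 'Some condition') }
  end

  def test_statement_contains_action_existing_with_effect
    assert @policy.has_statement?(Action: "ec2:Describe*", Effect: "Allow")
  end

  def test_statement_contains_action_existing_with_effect_and_resource
    assert @policy.has_statement?(Action: "ec2:Describe*", Effect: "Allow", Resource: "*")
  end

  def test_statement_contains_not_action
    assert @policy.has_statement?(NotAction: "s3:DeleteBucket")
  end

  def test_statement_contains_not_action_existing_with_effect
    assert @policy.has_statement?(NotAction: "s3:DeleteBucket", Effect: "Allow")
  end

  def test_statement_contains_without_not_action
    assert @policy.has_statement?(Effect: "Allow", Resource: "arn:aws:s3:::*")
  end

  def test_statement_full_match
    assert @policy.has_statement?(NotAction: "s3:DeleteBucket", Effect: "Allow", Resource: "arn:aws:s3:::*")
  end

  # Same Effect/Resource as the NotAction statement, but queried as Action:
  # the two keys must not be treated as interchangeable.
  def test_statement_wrong_action
    refute @policy.has_statement?(Action: "s3:DeleteBucket", Effect: "Allow", Resource: "arn:aws:s3:::*")
  end

  def test_statement_contains_all_resources
    assert @policy.has_statement?(Resource: "*")
  end

  # NOTE(review): this passes alongside the Resource: "*" match above, which
  # suggests Resource criteria are compared as given rather than expanded as
  # wildcards - verify against the has_statement? implementation.
  def test_statment_wrong_resource
    refute @policy.has_statement?(Resource: "arn:aws:ec2:::*")
  end
end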