- # -*- coding: utf-8 -*-
- """
- :codeauthor: Jayesh Kariya <jayeshk@saltstack.com>
- """
- # Import Python libs
- from __future__ import absolute_import, print_function, unicode_literals
- # Import Salt Libs
- import salt.states.boto_iam_role as boto_iam_role
- # Import Salt Testing Libs
- from tests.support.mixins import LoaderModuleMockMixin
- from tests.support.mock import MagicMock, patch
- from tests.support.unit import TestCase
- class BotoIAMRoleTestCase(TestCase, LoaderModuleMockMixin):
- """
- Test cases for salt.states.boto_iam_role
- """
- def setup_loader_modules(self):
- return {boto_iam_role: {}}
- # 'present' function tests: 1
- def test_present(self):
- """
- Test to ensure the IAM role exists.
- """
- name = "myrole"
- ret = {"name": name, "result": False, "changes": {}, "comment": ""}
- _desc_role = {
- "create_date": "2015-02-11T19:47:14Z",
- "role_id": "HIUHBIUBIBNKJNBKJ",
- "assume_role_policy_document": {
- "Version": "2008-10-17",
- "Statement": [
- {
- "Action": "sts:AssumeRole",
- "Principal": {"Service": "ec2.amazonaws.com"},
- "Effect": "Allow",
- }
- ],
- },
- "role_name": "myfakerole",
- "path": "/",
- "arn": "arn:aws:iam::12345:role/myfakerole",
- }
- _desc_role2 = {
- "create_date": "2015-02-11T19:47:14Z",
- "role_id": "HIUHBIUBIBNKJNBKJ",
- "assume_role_policy_document": {
- "Version": "2008-10-17",
- "Statement": [
- {
- "Action": "sts:AssumeRole",
- "Principal": {
- "Service": [
- "ec2.amazonaws.com",
- "datapipeline.amazonaws.com",
- ]
- },
- "Effect": "Allow",
- }
- ],
- },
- "role_name": "myfakerole",
- "path": "/",
- "arn": "arn:aws:iam::12345:role/myfakerole",
- }
- mock_desc = MagicMock(
- side_effect=[False, _desc_role, _desc_role, _desc_role2, _desc_role]
- )
- _build_policy = {
- "Version": "2008-10-17",
- "Statement": [
- {
- "Action": "sts:AssumeRole",
- "Effect": "Allow",
- "Principal": {"Service": "ec2.amazonaws.com"},
- }
- ],
- }
- mock_policy = MagicMock(return_value=_build_policy)
- mock_ipe = MagicMock(side_effect=[False, True, True, True])
- mock_pa = MagicMock(side_effect=[False, True, True, True])
- mock_bool = MagicMock(return_value=False)
- mock_lst = MagicMock(return_value=[])
- with patch.dict(
- boto_iam_role.__salt__,
- {
- "boto_iam.describe_role": mock_desc,
- "boto_iam.create_role": mock_bool,
- "boto_iam.build_policy": mock_policy,
- "boto_iam.update_assume_role_policy": mock_bool,
- "boto_iam.instance_profile_exists": mock_ipe,
- "boto_iam.list_attached_role_policies": mock_lst,
- "boto_iam.create_instance_profile": mock_bool,
- "boto_iam.profile_associated": mock_pa,
- "boto_iam.associate_profile_to_role": mock_bool,
- "boto_iam.list_role_policies": mock_lst,
- },
- ):
- with patch.dict(boto_iam_role.__opts__, {"test": False}):
- comt = " Failed to create {0} IAM role.".format(name)
- ret.update({"comment": comt})
- self.assertDictEqual(boto_iam_role.present(name), ret)
- comt = (
- " myrole role present. " "Failed to create myrole instance profile."
- )
- ret.update({"comment": comt})
- self.assertDictEqual(boto_iam_role.present(name), ret)
- comt = (
- " myrole role present. Failed to associate myrole"
- " instance profile with myrole role."
- )
- ret.update({"comment": comt})
- self.assertDictEqual(boto_iam_role.present(name), ret)
- comt = " myrole role present. Failed to update assume role" " policy."
- ret.update({"comment": comt})
- self.assertDictEqual(boto_iam_role.present(name), ret)
- comt = " myrole role present. "
- ret.update({"comment": comt, "result": True})
- self.assertDictEqual(boto_iam_role.present(name), ret)
- # 'absent' function tests: 1
- def test_absent(self):
- """
- Test to ensure the IAM role is deleted.
- """
- name = "myrole"
- ret = {"name": name, "result": False, "changes": {}, "comment": ""}
- mock = MagicMock(
- side_effect=[
- ["mypolicy"],
- ["mypolicy"],
- False,
- True,
- False,
- False,
- True,
- False,
- False,
- False,
- True,
- ]
- )
- mock_bool = MagicMock(return_value=False)
- mock_lst = MagicMock(return_value=[])
- with patch.dict(
- boto_iam_role.__salt__,
- {
- "boto_iam.list_role_policies": mock,
- "boto_iam.delete_role_policy": mock_bool,
- "boto_iam.profile_associated": mock,
- "boto_iam.disassociate_profile_from_role": mock_bool,
- "boto_iam.instance_profile_exists": mock,
- "boto_iam.list_attached_role_policies": mock_lst,
- "boto_iam.delete_instance_profile": mock_bool,
- "boto_iam.role_exists": mock,
- "boto_iam.delete_role": mock_bool,
- },
- ):
- with patch.dict(boto_iam_role.__opts__, {"test": False}):
- comt = " Failed to add policy mypolicy to role myrole"
- ret.update(
- {
- "comment": comt,
- "changes": {
- "new": {"policies": ["mypolicy"]},
- "old": {"policies": ["mypolicy"]},
- },
- }
- )
- self.assertDictEqual(boto_iam_role.absent(name), ret)
- comt = (
- " No policies in role myrole."
- " No attached policies in role myrole. Failed to disassociate "
- "myrole instance profile from myrole role."
- )
- ret.update({"comment": comt, "changes": {}})
- self.assertDictEqual(boto_iam_role.absent(name), ret)
- comt = (
- " No policies in role myrole."
- " No attached policies in role myrole. "
- " Failed to delete myrole instance profile."
- )
- ret.update({"comment": comt, "changes": {}})
- self.assertDictEqual(boto_iam_role.absent(name), ret)
- comt = (
- " No policies in role myrole."
- " No attached policies in role myrole. myrole instance profile "
- "does not exist. Failed to delete myrole iam role."
- )
- ret.update({"comment": comt, "changes": {}})
- self.assertDictEqual(boto_iam_role.absent(name), ret)