inspec/test/unit/resources/aws_iam_policy_test.rb


require 'helper'
# MAIPSB = MockAwsIamPolicySingularBackend
# Abbreviation not used outside this file
#=============================================================================#
# Constructor Tests
#=============================================================================#
# Constructor contract for AwsIamPolicy: which argument shapes are accepted
# and which are rejected with ArgumentError.
class AwsIamPolicyConstructorTest < Minitest::Test
  # Each test runs with MAIPSB::Empty selected, whose list_policies returns
  # no policies.
  def setup
    empty_backend = MAIPSB::Empty
    AwsIamPolicy::BackendFactory.select(empty_backend)
  end

  # Constructing with no arguments must raise.
  def test_rejects_empty_params
    assert_raises(ArgumentError) do
      AwsIamPolicy.new
    end
  end

  # A bare policy name is accepted. There is no assertion here: the test
  # passes as long as the constructor does not raise.
  def test_accepts_policy_name_as_scalar
    policy_name = 'test-policy-1'
    AwsIamPolicy.new(policy_name)
  end

  # The same name given under the policy_name key is accepted as well
  # (again, "does not raise" is the only check).
  def test_accepts_policy_name_as_hash
    AwsIamPolicy.new(policy_name: 'test-policy-1')
  end

  # A key the resource does not recognise must raise rather than be ignored.
  def test_rejects_unrecognized_params
    assert_raises(ArgumentError) do
      AwsIamPolicy.new(shoe_size: 9)
    end
  end
end
#=============================================================================#
# Search / Recall
#=============================================================================#
# Lookup behaviour: a policy name present in the backend is reported as
# existing, and an absent one is reported as missing without raising.
class AwsIamPolicyRecallTest < Minitest::Test
  # MAIPSB::Basic serves two fixture policies, test-policy-1 and test-policy-2.
  def setup
    populated_backend = MAIPSB::Basic
    AwsIamPolicy::BackendFactory.select(populated_backend)
  end

  # Name passed as a bare string.
  def test_search_hit_via_scalar_works
    policy = AwsIamPolicy.new('test-policy-1')
    assert policy.exists?
  end

  # Name passed under the policy_name key.
  def test_search_hit_via_hash_works
    policy = AwsIamPolicy.new(policy_name: 'test-policy-1')
    assert policy.exists?
  end

  # A name that matches neither fixture: exists? is falsy and nothing is raised.
  def test_search_miss_is_not_an_exception
    policy = AwsIamPolicy.new(policy_name: 'non-existant')
    refute policy.exists?
  end
end
#=============================================================================#
# Properties
#=============================================================================#
# Property readers of AwsIamPolicy. Every test checks two things: the value
# reported for the test-policy-1 fixture, and nil for a name that matches no
# fixture (a miss is reported as nil, not as an exception).
class AwsIamPolicyPropertiesTest < Minitest::Test
  def setup
    populated_backend = MAIPSB::Basic
    AwsIamPolicy::BackendFactory.select(populated_backend)
  end

  def test_property_arn
    found = AwsIamPolicy.new('test-policy-1')
    assert_equal 'arn:aws:iam::aws:policy/test-policy-1', found.arn

    absent = AwsIamPolicy.new(policy_name: 'non-existant')
    assert_nil absent.arn
  end

  def test_property_default_version_id
    found = AwsIamPolicy.new('test-policy-1')
    assert_equal 'v1', found.default_version_id

    absent = AwsIamPolicy.new(policy_name: 'non-existant')
    assert_nil absent.default_version_id
  end

  # 3 is the attachment_count carried by the test-policy-1 fixture in
  # MAIPSB::Basic#list_policies.
  def test_property_attachment_count
    found = AwsIamPolicy.new('test-policy-1')
    assert_equal 3, found.attachment_count

    absent = AwsIamPolicy.new(policy_name: 'non-existant')
    assert_nil absent.attachment_count
  end

  # The three attached_* readers are expected to surface the entity names that
  # MAIPSB::Basic#list_entities_for_policy holds for test-policy-1.
  def test_property_attached_users
    found = AwsIamPolicy.new('test-policy-1')
    assert_equal ['test-user'], found.attached_users

    absent = AwsIamPolicy.new(policy_name: 'non-existant')
    assert_nil absent.attached_users
  end

  def test_property_attached_groups
    found = AwsIamPolicy.new('test-policy-1')
    assert_equal ['test-group'], found.attached_groups

    absent = AwsIamPolicy.new(policy_name: 'non-existant')
    assert_nil absent.attached_groups
  end

  def test_property_attached_roles
    found = AwsIamPolicy.new('test-policy-1')
    assert_equal ['test-role'], found.attached_roles

    absent = AwsIamPolicy.new(policy_name: 'non-existant')
    assert_nil absent.attached_roles
  end
end
#=============================================================================#
# Matchers
#=============================================================================#
# Predicate matchers of AwsIamPolicy: attached? and the three
# attached_to_<kind>? lookups by principal name.
#
# Positive cases use test-policy-1 (one user, one group, one role attached in
# the fixtures); negative cases use test-policy-2 (nothing attached).
#
# NOTE(review): every negative case relies on a policy with no attachments at
# all. A name that is absent from a policy which does have attachments (for
# example a different user name checked against test-policy-1) is not
# exercised here, so a matcher that ignored its argument would still pass
# these tests. Consider adding those cases; an audit control built on these
# matchers depends on the name actually being compared.
class AwsIamPolicyMatchersTest < Minitest::Test
  def setup
    populated_backend = MAIPSB::Basic
    AwsIamPolicy::BackendFactory.select(populated_backend)
  end

  def test_matcher_attached_positive
    policy = AwsIamPolicy.new('test-policy-1')
    assert policy.attached?
  end

  def test_matcher_attached_negative
    policy = AwsIamPolicy.new('test-policy-2')
    refute policy.attached?
  end

  def test_matcher_attached_to_user_positive
    policy = AwsIamPolicy.new('test-policy-1')
    assert policy.attached_to_user?('test-user')
  end

  def test_matcher_attached_to_user_negative
    policy = AwsIamPolicy.new('test-policy-2')
    refute policy.attached_to_user?('test-user')
  end

  def test_matcher_attached_to_group_positive
    policy = AwsIamPolicy.new('test-policy-1')
    assert policy.attached_to_group?('test-group')
  end

  def test_matcher_attached_to_group_negative
    policy = AwsIamPolicy.new('test-policy-2')
    refute policy.attached_to_group?('test-group')
  end

  def test_matcher_attached_to_role_positive
    policy = AwsIamPolicy.new('test-policy-1')
    assert policy.attached_to_role?('test-role')
  end

  def test_matcher_attached_to_role_negative
    policy = AwsIamPolicy.new('test-policy-2')
    refute policy.attached_to_role?('test-role')
  end
end
#=============================================================================#
# Test Fixtures
#=============================================================================#
# Canned backends that the test classes in this file select through
# AwsIamPolicy::BackendFactory. They return OpenStruct objects shaped like the
# responses the tests need; no AWS call is made.
module MAIPSB
  # Backend that knows no policies.
  class Empty < AwsBackendBase
    # Returns a response with an empty policy list. +query+ is not inspected.
    def list_policies(query)
      OpenStruct.new(policies: [])
    end
  end

  # Backend with two policies: test-policy-1 (attached to one group, one user
  # and one role) and test-policy-2 (attached to nothing).
  class Basic < AwsBackendBase
    # Returns both fixture policies on every call. +query+ is not inspected,
    # so any filtering by name has to happen in the caller.
    def list_policies(query)
      attached_policy = OpenStruct.new(
        policy_name: 'test-policy-1',
        arn: 'arn:aws:iam::aws:policy/test-policy-1',
        default_version_id: 'v1',
        # Agrees with the one group + one user + one role listed for this ARN
        # in list_entities_for_policy.
        attachment_count: 3,
        is_attachable: true,
      )
      unattached_policy = OpenStruct.new(
        policy_name: 'test-policy-2',
        arn: 'arn:aws:iam::aws:policy/test-policy-2',
        default_version_id: 'v2',
        attachment_count: 0,
        is_attachable: false,
      )
      OpenStruct.new(policies: [attached_policy, unattached_policy])
    end

    # Returns the groups, users and roles recorded for query[:policy_arn].
    #
    # An ARN that is not in the table looks up to nil, and OpenStruct.new(nil)
    # is an empty struct, so policy_groups / policy_users / policy_roles all
    # read as nil in that case instead of raising.
    #
    # The group, user and role fixtures all carry the same ID string. AIDA is
    # the prefix AWS gives to IAM user IDs (groups and roles use different
    # prefixes), so these IDs are not realistic per entity kind; no test in
    # this file reads them.
    def list_entities_for_policy(query)
      entities_by_arn = {
        'arn:aws:iam::aws:policy/test-policy-1' => {
          policy_groups: [
            OpenStruct.new(group_name: 'test-group', group_id: 'AIDAIJ3FUBXLZ4VXV34LE'),
          ],
          policy_users: [
            OpenStruct.new(user_name: 'test-user', user_id: 'AIDAIJ3FUBXLZ4VXV34LE'),
          ],
          policy_roles: [
            OpenStruct.new(role_name: 'test-role', role_id: 'AIDAIJ3FUBXLZ4VXV34LE'),
          ],
        },
        'arn:aws:iam::aws:policy/test-policy-2' => {
          policy_groups: [],
          policy_users: [],
          policy_roles: [],
        },
      }
      requested_arn = query[:policy_arn]
      OpenStruct.new(entities_by_arn[requested_arn])
    end
  end
end