inspec/test/unit/resources/aws_iam_user_test.rb

256 lines
7.9 KiB
Ruby
Raw Normal View History

# author: Simon Varlow
require 'helper'
require 'aws_iam_user'
Re-work unit tests for user and users (#125) * Constructor unit tests Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Constructor tests pass, all others gutted Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Basic 'where' test in place, no criteria Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Wired up filter table to backend list users Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Unit testing for has_mfa_enabled and has_console_password Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Simple AWS client implementation for Users Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Rework resource parameters and validation; copy in code from #121 Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Add constructor tests Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Add search/recall tests Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Recall unit tests pass Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Failing unit tests for username and has_console_password Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * has_console_password works in unit tests Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * has_mfa_enabled failing unit tests Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * has_mfa_enabled passes unit tests Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Failing unit tests for Access Keys Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * CLean up bad rebase commit Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Access keys property works, as an uncooked AWS response Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * De-linting Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Integration tests work Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Remove provider support libraries Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Integration tests pass for users resource Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * De-lint Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Remove aws connection load from user Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Adapt aws_iam_user to rely on AwsResourceMixin Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2017-12-08 18:34:09 +00:00
# MAUIB = MockAwsIamUserBackend
# Abbreviation not used outside this file
#=============================================================================#
# Constructor Tests
#=============================================================================#
class AwsIamUserConstructorTest < Minitest::Test
def setup
Re-work unit tests for user and users (#125) * Constructor unit tests Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Constructor tests pass, all others gutted Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Basic 'where' test in place, no criteria Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Wired up filter table to backend list users Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Unit testing for has_mfa_enabled and has_console_password Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Simple AWS client implementation for Users Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Rework resource parameters and validation; copy in code from #121 Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Add constructor tests Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Add search/recall tests Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Recall unit tests pass Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Failing unit tests for username and has_console_password Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * has_console_password works in unit tests Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * has_mfa_enabled failing unit tests Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * has_mfa_enabled passes unit tests Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Failing unit tests for Access Keys Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * CLean up bad rebase commit Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Access keys property works, as an uncooked AWS response Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * De-linting Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Integration tests work Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Remove provider support libraries Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Integration tests pass for users resource Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * De-lint Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Remove aws connection load from user Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Adapt aws_iam_user to rely on AwsResourceMixin Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2017-12-08 18:34:09 +00:00
AwsIamUser::BackendFactory.select(MAIUB::Three)
end
def test_empty_params_throws_exception
assert_raises(ArgumentError) { AwsIamUser.new }
end
def test_accepts_username_as_scalar
AwsIamUser.new('erin')
end
def test_accepts_username_as_hash
AwsIamUser.new(username: 'erin')
end
def test_rejects_unrecognized_params
assert_raises(ArgumentError) { AwsIamUser.new(shoe_size: 9) }
end
end
Re-work unit tests for user and users (#125) * Constructor unit tests Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Constructor tests pass, all others gutted Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Basic 'where' test in place, no criteria Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Wired up filter table to backend list users Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Unit testing for has_mfa_enabled and has_console_password Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Simple AWS client implementation for Users Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Rework resource parameters and validation; copy in code from #121 Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Add constructor tests Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Add search/recall tests Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Recall unit tests pass Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Failing unit tests for username and has_console_password Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * has_console_password works in unit tests Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * has_mfa_enabled failing unit tests Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * has_mfa_enabled passes unit tests Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Failing unit tests for Access Keys Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * CLean up bad rebase commit Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Access keys property works, as an uncooked AWS response Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * De-linting Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Integration tests work Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Remove provider support libraries Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Integration tests pass for users resource Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * De-lint Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Remove aws connection load from user Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Adapt aws_iam_user to rely on AwsResourceMixin Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2017-12-08 18:34:09 +00:00
#=============================================================================#
# Search / Recall
#=============================================================================#
class AwsIamUserRecallTest < Minitest::Test
def setup
AwsIamUser::BackendFactory.select(MAIUB::Three)
end
def test_search_miss_is_not_an_exception
user = AwsIamUser.new('tommy')
refute user.exists?
end
def test_search_hit_via_scalar_works
user = AwsIamUser.new('erin')
assert user.exists?
assert_equal('erin', user.username)
end
def test_search_hit_via_hash_works
user = AwsIamUser.new(username: 'erin')
assert user.exists?
assert_equal('erin', user.username)
end
end
#=============================================================================#
# Properties
#=============================================================================#
class AwsIamUserPropertiesTest < Minitest::Test
def setup
AwsIamUser::BackendFactory.select(MAIUB::Three)
end
#-----------------------------------------------------#
# username property
#-----------------------------------------------------#
def test_property_username_correct_on_hit
user = AwsIamUser.new(username: 'erin')
assert_equal('erin', user.username)
end
#-----------------------------------------------------#
# has_console_password property and predicate
#-----------------------------------------------------#
def test_property_password_positive
user = AwsIamUser.new(username: 'erin')
assert_equal(true, user.has_console_password)
assert_equal(true, user.has_console_password?)
end
def test_property_password_negative
user = AwsIamUser.new(username: 'leslie')
assert_equal(false, user.has_console_password)
assert_equal(false, user.has_console_password?)
end
#-----------------------------------------------------#
# has_mfa_enabled property and predicate
#-----------------------------------------------------#
def test_property_mfa_positive
user = AwsIamUser.new(username: 'erin')
assert_equal(true, user.has_mfa_enabled)
assert_equal(true, user.has_mfa_enabled?)
end
def test_property_mfa_negative
user = AwsIamUser.new(username: 'leslie')
assert_equal(false, user.has_mfa_enabled)
assert_equal(false, user.has_mfa_enabled?)
end
#-----------------------------------------------------#
# access_keys property
#-----------------------------------------------------#
def test_property_access_keys_positive
keys = AwsIamUser.new(username: 'erin').access_keys
assert_kind_of(Array, keys)
assert_equal(keys.length, 2)
# We don't currently promise that the results
# will be Inspec resource objects.
# assert_kind_of(AwsIamAccessKey, keys.first)
end
def test_property_access_keys_negative
keys = AwsIamUser.new(username: 'leslie').access_keys
assert_kind_of(Array, keys)
assert(keys.empty?)
end
end
#=============================================================================#
# Test Fixtures
#=============================================================================#
module MAIUB
class Three < AwsBackendBase
Re-work unit tests for user and users (#125) * Constructor unit tests Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Constructor tests pass, all others gutted Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Basic 'where' test in place, no criteria Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Wired up filter table to backend list users Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Unit testing for has_mfa_enabled and has_console_password Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Simple AWS client implementation for Users Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Rework resource parameters and validation; copy in code from #121 Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Add constructor tests Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Add search/recall tests Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Recall unit tests pass Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Failing unit tests for username and has_console_password Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * has_console_password works in unit tests Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * has_mfa_enabled failing unit tests Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * has_mfa_enabled passes unit tests Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Failing unit tests for Access Keys Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * CLean up bad rebase commit Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Access keys property works, as an uncooked AWS response Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * De-linting Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Integration tests work Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Remove provider support libraries Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Integration tests pass for users resource Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * De-lint Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Remove aws connection load from user Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Adapt aws_iam_user to rely on AwsResourceMixin Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2017-12-08 18:34:09 +00:00
def get_user(criteria)
people = {
'erin' => OpenStruct.new({
user: OpenStruct.new({
arn: "arn:aws:iam::123456789012:user/erin",
create_date: Time.parse("2016-09-21T23:03:13Z"),
path: "/",
user_id: "AKIAIOSFODNN7EXAERIN",
user_name: "erin",
}),
}),
'leslie' => OpenStruct.new({
user: OpenStruct.new({
arn: "arn:aws:iam::123456789012:user/leslie",
create_date: Time.parse("2017-09-21T23:03:13Z"),
path: "/",
user_id: "AKIAIOSFODNN7EXAERIN",
user_name: "leslie",
}),
}),
'jared' => OpenStruct.new({
user: OpenStruct.new({
arn: "arn:aws:iam::123456789012:user/jared",
create_date: Time.parse("2017-09-21T23:03:13Z"),
path: "/",
user_id: "AKIAIOSFODNN7EXAERIN",
user_name: "jared",
}),
}),
}
raise Aws::IAM::Errors::NoSuchEntity.new(nil, nil) unless people.key?(criteria[:user_name])
people[criteria[:user_name]]
end
def get_login_profile(criteria)
# Leslie has no password
# Jared's is expired
people = {
'erin' => OpenStruct.new({
login_profile: OpenStruct.new({
user_name: 'erin',
password_reset_required: false,
create_date: Time.parse("2016-09-21T23:03:13Z"),
}),
}),
'jared' => OpenStruct.new({
login_profile: OpenStruct.new({
user_name: 'jared',
password_reset_required: true,
create_date: Time.parse("2017-09-21T23:03:13Z"),
}),
}),
}
raise Aws::IAM::Errors::NoSuchEntity.new(nil, nil) unless people.key?(criteria[:user_name])
people[criteria[:user_name]]
end
def list_mfa_devices(criteria)
# Erin has 2, one soft and one hw
# Leslie has none
# Jared has one soft
people = {
'erin' => OpenStruct.new({
mfa_devices: [
OpenStruct.new({
user_name: 'erin',
serial_number: 'arn:blahblahblah',
enable_date: Time.parse("2016-09-21T23:03:13Z"),
}),
OpenStruct.new({
user_name: 'erin',
serial_number: '1234567890',
enable_date: Time.parse("2016-09-21T23:03:13Z"),
}),
]
}),
'leslie' => OpenStruct.new({mfa_devices: []}),
'jared' => OpenStruct.new({
mfa_devices: [
OpenStruct.new({
user_name: 'jared',
serial_number: 'arn:blahblahblah',
enable_date: Time.parse("2016-09-21T23:03:13Z"),
}),
]
}),
}
people[criteria[:user_name]]
end
def list_access_keys(criteria)
# Erin has 2
# Leslie has none
# Jared has one
people = {
'erin' => OpenStruct.new({
access_key_metadata: [
OpenStruct.new({
user_name: 'erin',
access_key_id: 'AKIA111111111EXAMPLE',
create_date: Time.parse("2016-09-21T23:03:13Z"),
status: 'Active',
}),
OpenStruct.new({
user_name: 'erin',
access_key_id: 'AKIA222222222EXAMPLE',
create_date: Time.parse("2016-09-21T23:03:13Z"),
status: 'Active',
}),
]
}),
'leslie' => OpenStruct.new({access_key_metadata: []}),
'jared' => OpenStruct.new({
access_key_metadata: [
OpenStruct.new({
user_name: 'jared',
access_key_id: 'AKIA3333333333EXAMPLE',
create_date: Time.parse("2017-10-21T23:03:13Z"),
status: 'Active',
}),
]
}),
}
people[criteria[:user_name]]
end
end
end