inspec/test/unit/resources/aws_iam_user_test.rb
Ryan Davis 82c9aa6ed6 Got the rest of the tests to pass.
Signed-off-by: Ryan Davis <zenspider@chef.io>
2019-05-29 17:58:02 -07:00

368 lines
11 KiB
Ruby

require 'helper'
require 'inspec/resource'
require 'resources/aws/aws_iam_user'
require 'resource_support/aws'
require 'resources/aws/aws_iam_user'
# MAUIB = MockAwsIamUserBackend
# Abbreviation not used outside this file
#=============================================================================#
# Constructor Tests
#=============================================================================#
class AwsIamUserConstructorTest < Minitest::Test
def setup
AwsIamUser::BackendFactory.select(MAIUB::Three)
end
def test_empty_params_throws_exception
assert_raises(ArgumentError) { AwsIamUser.new }
end
def test_accepts_username_as_scalar
AwsIamUser.new('erin')
end
def test_accepts_username_as_hash
AwsIamUser.new(username: 'erin')
end
def test_rejects_unrecognized_params
assert_raises(ArgumentError) { AwsIamUser.new(shoe_size: 9) }
end
end
#=============================================================================#
# Search / Recall
#=============================================================================#
class AwsIamUserRecallTest < Minitest::Test
def setup
AwsIamUser::BackendFactory.select(MAIUB::Three)
end
def test_search_miss_is_not_an_exception
user = AwsIamUser.new('tommy')
refute user.exists?
end
def test_search_hit_via_scalar_works
user = AwsIamUser.new('erin')
assert user.exists?
assert_equal('erin', user.username)
end
def test_search_hit_via_hash_works
user = AwsIamUser.new(username: 'erin')
assert user.exists?
assert_equal('erin', user.username)
end
end
#=============================================================================#
# Properties
#=============================================================================#
class AwsIamUserPropertiesTest < Minitest::Test
def setup
AwsIamUser::BackendFactory.select(MAIUB::Three)
end
def test_property_attached_policies
noone = AwsIamUser.new('nonesuch')
assert_empty(noone.attached_policy_names)
assert_empty(noone.attached_policy_arns)
erin = AwsIamUser.new('erin')
assert_empty(erin.attached_policy_names)
assert_empty(erin.attached_policy_arns)
leslie = AwsIamUser.new('leslie')
assert_equal(1, leslie.attached_policy_names.count)
assert_includes(leslie.attached_policy_names, 'AdministratorAccess')
assert_equal(1, leslie.attached_policy_arns.count)
assert_includes(leslie.attached_policy_arns, 'arn:aws:iam::aws:policy/AdministratorAccess')
jared = AwsIamUser.new('jared')
assert_equal(2, jared.attached_policy_names.count)
assert_includes(jared.attached_policy_names, 'ReadOnlyAccess')
assert_equal(2, jared.attached_policy_arns.count)
assert_includes(jared.attached_policy_arns, 'arn:aws:iam::aws:policy/ReadOnlyAccess')
end
def test_property_inline_policies
noone = AwsIamUser.new('nonesuch')
assert_empty(noone.inline_policy_names)
erin = AwsIamUser.new('erin')
assert_empty(erin.inline_policy_names)
leslie = AwsIamUser.new('leslie')
assert_equal(2, leslie.inline_policy_names.count)
assert_includes(leslie.inline_policy_names, 'leslie-inline-01')
assert_includes(leslie.inline_policy_names, 'leslie-inline-02')
jared = AwsIamUser.new('jared')
assert_equal(1, jared.inline_policy_names.count)
assert_includes(jared.inline_policy_names, 'jared-inline-01')
end
#-----------------------------------------------------#
# username property
#-----------------------------------------------------#
def test_property_username_correct_on_hit
user = AwsIamUser.new('erin')
assert_equal('erin', user.username)
end
def test_property_username_correct_on_miss
user = AwsIamUser.new('nonesuch')
assert_equal('nonesuch', user.username)
end
#-----------------------------------------------------#
# access_keys property
#-----------------------------------------------------#
def test_property_access_keys_positive
keys = AwsIamUser.new('erin').access_keys
assert_kind_of(Array, keys)
assert_equal(keys.length, 2)
# We don't currently promise that the results
# will be InSpec resource objects.
# assert_kind_of(AwsIamAccessKey, keys.first)
end
def test_property_access_keys_negative
keys = AwsIamUser.new('leslie').access_keys
assert_kind_of(Array, keys)
assert(keys.empty?)
end
end
#=============================================================================#
# Matchers
#=============================================================================#
class AwsIamUserMatchersTest < Minitest::Test
def setup
AwsIamUser::BackendFactory.select(MAIUB::Three)
end
def test_matcher_mfa_positive
user = AwsIamUser.new('erin')
assert_equal(true, user.has_mfa_enabled)
assert_equal(true, user.has_mfa_enabled?)
end
def test_matcher_mfa_negative
user = AwsIamUser.new('leslie')
assert_equal(false, user.has_mfa_enabled)
assert_equal(false, user.has_mfa_enabled?)
end
def test_matcher_password_positive
user = AwsIamUser.new('erin')
assert_equal(true, user.has_console_password)
assert_equal(true, user.has_console_password?)
end
def test_matcher_password_negative
user = AwsIamUser.new('leslie')
assert_equal(false, user.has_console_password)
assert_equal(false, user.has_console_password?)
end
def test_matcher_has_attached_policies
assert_nil(AwsIamUser.new('nonesuch').has_attached_policies?)
refute(AwsIamUser.new('erin').has_attached_policies?)
assert(AwsIamUser.new('leslie').has_attached_policies?)
assert(AwsIamUser.new('jared').has_attached_policies?)
end
def test_matcher_has_inline_policies
assert_nil(AwsIamUser.new('nonesuch').has_inline_policies?)
refute(AwsIamUser.new('erin').has_inline_policies?)
assert(AwsIamUser.new('leslie').has_inline_policies?)
assert(AwsIamUser.new('jared').has_inline_policies?)
end
end
#=============================================================================#
# Test Fixtures
#=============================================================================#
module MAIUB
class Three < AwsBackendBase
def get_user(criteria)
people = {
'erin' => OpenStruct.new({
user: OpenStruct.new({
arn: "arn:aws:iam::123456789012:user/erin",
create_date: Time.parse("2016-09-21T23:03:13Z"),
path: "/",
user_id: "AKIAIOSFODNN7EXAERIN",
user_name: "erin",
}),
}),
'leslie' => OpenStruct.new({
user: OpenStruct.new({
arn: "arn:aws:iam::123456789012:user/leslie",
create_date: Time.parse("2017-09-21T23:03:13Z"),
path: "/",
user_id: "AKIAIOSFODNN7EXAERIN",
user_name: "leslie",
}),
}),
'jared' => OpenStruct.new({
user: OpenStruct.new({
arn: "arn:aws:iam::123456789012:user/jared",
create_date: Time.parse("2017-09-21T23:03:13Z"),
path: "/",
user_id: "AKIAIOSFODNN7EXAERIN",
user_name: "jared",
}),
}),
}
raise Aws::IAM::Errors::NoSuchEntity.new(nil, nil) unless people.key?(criteria[:user_name])
people[criteria[:user_name]]
end
def get_login_profile(criteria)
# Leslie has no password
# Jared's is expired
people = {
'erin' => OpenStruct.new({
login_profile: OpenStruct.new({
user_name: 'erin',
password_reset_required: false,
create_date: Time.parse("2016-09-21T23:03:13Z"),
}),
}),
'jared' => OpenStruct.new({
login_profile: OpenStruct.new({
user_name: 'jared',
password_reset_required: true,
create_date: Time.parse("2017-09-21T23:03:13Z"),
}),
}),
}
raise Aws::IAM::Errors::NoSuchEntity.new(nil, nil) unless people.key?(criteria[:user_name])
people[criteria[:user_name]]
end
def list_mfa_devices(criteria)
# Erin has 2, one soft and one hw
# Leslie has none
# Jared has one soft
people = {
'erin' => OpenStruct.new({
mfa_devices: [
OpenStruct.new({
user_name: 'erin',
serial_number: 'arn:blahblahblah',
enable_date: Time.parse("2016-09-21T23:03:13Z"),
}),
OpenStruct.new({
user_name: 'erin',
serial_number: '1234567890',
enable_date: Time.parse("2016-09-21T23:03:13Z"),
}),
]
}),
'leslie' => OpenStruct.new({mfa_devices: []}),
'jared' => OpenStruct.new({
mfa_devices: [
OpenStruct.new({
user_name: 'jared',
serial_number: 'arn:blahblahblah',
enable_date: Time.parse("2016-09-21T23:03:13Z"),
}),
]
}),
}
people[criteria[:user_name]]
end
def list_access_keys(criteria)
# Erin has 2
# Leslie has none
# Jared has one
people = {
'erin' => OpenStruct.new({
access_key_metadata: [
OpenStruct.new({
user_name: 'erin',
access_key_id: 'AKIA111111111EXAMPLE',
create_date: Time.parse("2016-09-21T23:03:13Z"),
status: 'Active',
}),
OpenStruct.new({
user_name: 'erin',
access_key_id: 'AKIA222222222EXAMPLE',
create_date: Time.parse("2016-09-21T23:03:13Z"),
status: 'Active',
}),
]
}),
'leslie' => OpenStruct.new({access_key_metadata: []}),
'jared' => OpenStruct.new({
access_key_metadata: [
OpenStruct.new({
user_name: 'jared',
access_key_id: 'AKIA3333333333EXAMPLE',
create_date: Time.parse("2017-10-21T23:03:13Z"),
status: 'Active',
}),
]
}),
}
people[criteria[:user_name]]
end
def list_user_policies(query)
people = {
'erin' => Aws::IAM::Types::ListUserPoliciesResponse.new(
policy_names: []
),
'leslie' => Aws::IAM::Types::ListUserPoliciesResponse.new(
policy_names: ['leslie-inline-01', 'leslie-inline-02'],
),
'jared' => Aws::IAM::Types::ListUserPoliciesResponse.new(
policy_names: ['jared-inline-01'],
)
}
people[query[:user_name]]
end
def list_attached_user_policies(query)
people = {
'erin' => Aws::IAM::Types::ListAttachedUserPoliciesResponse.new(
attached_policies: [],
),
'leslie' => Aws::IAM::Types::ListAttachedUserPoliciesResponse.new(
attached_policies: [
{
policy_arn: 'arn:aws:iam::aws:policy/AdministratorAccess',
policy_name: 'AdministratorAccess',
},
]
),
'jared' => Aws::IAM::Types::ListAttachedUserPoliciesResponse.new(
attached_policies: [
{
policy_arn: 'arn:aws:iam::aws:policy/ReadOnlyAccess',
policy_name: 'ReadOnlyAccess',
},
{
policy_arn: 'arn:aws:iam::123456789012:policy/some-policy',
policy_name: 'some-policy',
},
]
),
}
people[query[:user_name]]
end
end
end