Fixes for get_policy and get_policy_version with AWS managed policies (#2231)

* Created test for get_policy with AWS managed policy. * Created failing test for get_policy_version with AWS managed policy. * Updated AWS managed policies. * Fixed failing tests. * Fixed trying to compare datetime with string in test case. * Fixed CreateDate of AWS managed policies overwritten by their version's CreateDate. * Fixed and improved tests for managed AWS policies. * Added test for AWS managed policy with v4 default version. * Fixed not correctly returning dates for AWS managed policies.
2019-06-06 14:36:39 +02:00 · 2019-06-06 14:36:39 +02:00 · 97ab7fd307
commit 97ab7fd307
parent ed93821621
4 changed files with 22339 additions and 6760 deletions
--- a/tests/test_iam/test_iam.py
+++ b/tests/test_iam/test_iam.py
@ -323,7 +323,18 @@ def test_get_policy():
        PolicyDocument='{"some":"policy"}')
    policy = conn.get_policy(
        PolicyArn="arn:aws:iam::123456789012:policy/TestGetPolicy")
-    response['Policy']['Arn'].should.equal("arn:aws:iam::123456789012:policy/TestGetPolicy")
+    policy['Policy']['Arn'].should.equal("arn:aws:iam::123456789012:policy/TestGetPolicy")
+
+
+@mock_iam
+def test_get_aws_managed_policy():
+    conn = boto3.client('iam', region_name='us-east-1')
+    managed_policy_arn = 'arn:aws:iam::aws:policy/IAMUserChangePassword'
+    managed_policy_create_date = datetime.strptime("2016-11-15T00:25:16+00:00", "%Y-%m-%dT%H:%M:%S+00:00")
+    policy = conn.get_policy(
+        PolicyArn=managed_policy_arn)
+    policy['Policy']['Arn'].should.equal(managed_policy_arn)
+    policy['Policy']['CreateDate'].replace(tzinfo=None).should.equal(managed_policy_create_date)


@mock_iam
@ -345,6 +356,36 @@ def test_get_policy_version():
    retrieved.get('PolicyVersion').get('Document').should.equal({'some': 'policy'})


+@mock_iam
+def test_get_aws_managed_policy_version():
+    conn = boto3.client('iam', region_name='us-east-1')
+    managed_policy_arn = 'arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole'
+    managed_policy_version_create_date = datetime.strptime("2015-04-09T15:03:43+00:00", "%Y-%m-%dT%H:%M:%S+00:00")
+    with assert_raises(ClientError):
+        conn.get_policy_version(
+            PolicyArn=managed_policy_arn,
+            VersionId='v2-does-not-exist')
+    retrieved = conn.get_policy_version(
+        PolicyArn=managed_policy_arn,
+        VersionId="v1")
+    retrieved['PolicyVersion']['CreateDate'].replace(tzinfo=None).should.equal(managed_policy_version_create_date)
+
+
+@mock_iam
+def test_get_aws_managed_policy_v4_version():
+    conn = boto3.client('iam', region_name='us-east-1')
+    managed_policy_arn = 'arn:aws:iam::aws:policy/job-function/SystemAdministrator'
+    managed_policy_version_create_date = datetime.strptime("2018-10-08T21:33:45+00:00", "%Y-%m-%dT%H:%M:%S+00:00")
+    with assert_raises(ClientError):
+        conn.get_policy_version(
+            PolicyArn=managed_policy_arn,
+            VersionId='v2-does-not-exist')
+    retrieved = conn.get_policy_version(
+        PolicyArn=managed_policy_arn,
+        VersionId="v4")
+    retrieved['PolicyVersion']['CreateDate'].replace(tzinfo=None).should.equal(managed_policy_version_create_date)
+
+
@mock_iam
 def test_list_policy_versions():
    conn = boto3.client('iam', region_name='us-east-1')