Merge pull request #2552 from bblommers/IAM-role-name-validation

IAM - Validate duplicate role names
2019-11-16 10:22:51 -08:00 · 2019-11-16 10:22:51 -08:00 · 9a30b8e8d5
commit 9a30b8e8d5
parent 028aafd05b e025ccfd06
3 changed files with 49 additions and 3 deletions
--- a/tests/test_core/test_auth.py
+++ b/tests/test_core/test_auth.py
@ -11,6 +11,7 @@ from nose.tools import assert_raises
 from moto import mock_iam, mock_ec2, mock_s3, mock_sts, mock_elbv2, mock_rds2
 from moto.core import set_initial_no_auth_action_count
 from moto.iam.models import ACCOUNT_ID
+from uuid import uuid4


@mock_iam
@ -71,8 +72,10 @@ def create_user_with_access_key_and_multiple_policies(


 def create_group_with_attached_policy_and_add_user(
-    user_name, policy_document, group_name="test-group", policy_name="policy1"
+    user_name, policy_document, group_name="test-group", policy_name=None
 ):
+    if not policy_name:
+        policy_name = str(uuid4())
    client = boto3.client("iam", region_name="us-east-1")
    client.create_group(GroupName=group_name)
    policy_arn = client.create_policy(
@ -101,8 +104,10 @@ def create_group_with_multiple_policies_and_add_user(
    attached_policy_document,
    group_name="test-group",
    inline_policy_name="policy1",
-    attached_policy_name="policy1",
+    attached_policy_name=None,
 ):
+    if not attached_policy_name:
+        attached_policy_name = str(uuid4())
    client = boto3.client("iam", region_name="us-east-1")
    client.create_group(GroupName=group_name)
    client.put_group_policy(
--- a/tests/test_iam/test_iam.py
+++ b/tests/test_iam/test_iam.py
@ -18,6 +18,7 @@ from nose.tools import raises

 from datetime import datetime
 from tests.helpers import requires_boto_gte
+from uuid import uuid4


 MOCK_CERT = """-----BEGIN CERTIFICATE-----
@ -2050,6 +2051,42 @@ def test_create_role_with_permissions_boundary():
    conn.list_roles().get("Roles")[0].get("PermissionsBoundary").should.equal(expected)


+@mock_iam
+def test_create_role_with_same_name_should_fail():
+    iam = boto3.client("iam", region_name="us-east-1")
+    test_role_name = str(uuid4())
+    iam.create_role(
+        RoleName=test_role_name, AssumeRolePolicyDocument="policy", Description="test"
+    )
+    # Create the role again, and verify that it fails
+    with assert_raises(ClientError) as err:
+        iam.create_role(
+            RoleName=test_role_name,
+            AssumeRolePolicyDocument="policy",
+            Description="test",
+        )
+    err.exception.response["Error"]["Code"].should.equal("EntityAlreadyExists")
+    err.exception.response["Error"]["Message"].should.equal(
+        "Role with name {0} already exists.".format(test_role_name)
+    )
+
+
+@mock_iam
+def test_create_policy_with_same_name_should_fail():
+    iam = boto3.client("iam", region_name="us-east-1")
+    test_policy_name = str(uuid4())
+    policy = iam.create_policy(PolicyName=test_policy_name, PolicyDocument=MOCK_POLICY)
+    # Create the role again, and verify that it fails
+    with assert_raises(ClientError) as err:
+        iam.create_policy(PolicyName=test_policy_name, PolicyDocument=MOCK_POLICY)
+    err.exception.response["Error"]["Code"].should.equal("EntityAlreadyExists")
+    err.exception.response["Error"]["Message"].should.equal(
+        "A policy called {0} already exists. Duplicate names are not allowed.".format(
+            test_policy_name
+        )
+    )
+
+
@mock_iam
 def test_create_open_id_connect_provider():
    client = boto3.client("iam", region_name="us-east-1")