IAM get account authorization details (#1736)

* start of get_account_authorization_details for iam * add get_account_authorization_details dynamic template * remove old commented out template * Fix flake8 problems and add unit test
2018-08-07 10:31:36 -07:00 · 2018-08-07 10:31:36 -07:00 · a420064621
commit a420064621
parent 2e5e7e7f5e
3 changed files with 245 additions and 0 deletions
--- a/tests/test_iam/test_iam.py
+++ b/tests/test_iam/test_iam.py
@ -678,3 +678,68 @@ def test_update_access_key():
                             Status='Inactive')
    resp = client.list_access_keys(UserName=username)
    resp['AccessKeyMetadata'][0]['Status'].should.equal('Inactive')
+
+
+@mock_iam
+def test_get_account_authorization_details():
+    import json
+    conn = boto3.client('iam', region_name='us-east-1')
+    conn.create_role(RoleName="my-role", AssumeRolePolicyDocument="some policy", Path="/my-path/")
+    conn.create_user(Path='/', UserName='testCloudAuxUser')
+    conn.create_group(Path='/', GroupName='testCloudAuxGroup')
+    conn.create_policy(
+        PolicyName='testCloudAuxPolicy',
+        Path='/',
+        PolicyDocument=json.dumps({
+            "Version": "2012-10-17",
+            "Statement": [
+                {
+                    "Action": "s3:ListBucket",
+                    "Resource": "*",
+                    "Effect": "Allow",
+                }
+            ]
+        }),
+        Description='Test CloudAux Policy'
+    )
+
+    result = conn.get_account_authorization_details(Filter=['Role'])
+    len(result['RoleDetailList']) == 1
+    len(result['UserDetailList']) == 0
+    len(result['GroupDetailList']) == 0
+    len(result['Policies']) == 0
+
+    result = conn.get_account_authorization_details(Filter=['User'])
+    len(result['RoleDetailList']) == 0
+    len(result['UserDetailList']) == 1
+    len(result['GroupDetailList']) == 0
+    len(result['Policies']) == 0
+
+    result = conn.get_account_authorization_details(Filter=['Group'])
+    len(result['RoleDetailList']) == 0
+    len(result['UserDetailList']) == 0
+    len(result['GroupDetailList']) == 1
+    len(result['Policies']) == 0
+
+    result = conn.get_account_authorization_details(Filter=['LocalManagedPolicy'])
+    len(result['RoleDetailList']) == 0
+    len(result['UserDetailList']) == 0
+    len(result['GroupDetailList']) == 0
+    len(result['Policies']) == 1
+
+    # Check for greater than 1 since this should always be greater than one but might change.
+    # See iam/aws_managed_policies.py
+    result = conn.get_account_authorization_details(Filter=['AWSManagedPolicy'])
+    len(result['RoleDetailList']) == 0
+    len(result['UserDetailList']) == 0
+    len(result['GroupDetailList']) == 0
+    len(result['Policies']) > 1
+
+    result = conn.get_account_authorization_details()
+    len(result['RoleDetailList']) == 1
+    len(result['UserDetailList']) == 1
+    len(result['GroupDetailList']) == 1
+    len(result['Policies']) > 1
+
+
+