Implemented validating action prefixes.

2019-06-30 18:48:27 +02:00 · 2019-06-30 18:48:27 +02:00 · e133344846
commit e133344846
parent 50745fc5c0
2 changed files with 111 additions and 3 deletions
--- a/tests/test_iam/test_iam_policies.py
+++ b/tests/test_iam/test_iam_policies.py
@ -127,6 +127,30 @@ invalid_documents_test_cases = [
        },
        "error_message": 'Actions/Conditions must be prefaced by a vendor, e.g., iam, sdb, ec2, etc.'
    },
+    {
+        "document": {
+            "Version": "2012-10-17",
+            "Statement":
+                {
+                    "Effect": "Allow",
+                    "Action": "a a:ListBucket",
+                    "Resource": "arn:aws:s3:::example_bucket"
+                }
+        },
+        "error_message": 'Vendor a a is not valid'
+    },
+    {
+        "document": {
+            "Version": "2012-10-17",
+            "Statement":
+                {
+                    "Effect": "Allow",
+                    "Action": "s3:List:Bucket",
+                    "Resource": "arn:aws:s3:::example_bucket"
+                }
+        },
+        "error_message": 'Actions/Condition can contain only one colon.'
+    },
    {
        "document": {
            "Version": "2012-10-17",
@ -149,6 +173,17 @@ invalid_documents_test_cases = [
        },
        "error_message": 'Resource adf must be in ARN format or "*".'
    },
+    {
+        "document": {
+            "Version": "2012-10-17",
+            "Statement": {
+                "Effect": "Allow",
+                "Action": "s3:ListBucket",
+                "Resource": ""
+            }
+        },
+        "error_message": 'Resource  must be in ARN format or "*".'
+    },
    {
        "document": {
            "Version": "2012-10-17",
@ -177,6 +212,16 @@ invalid_documents_test_cases = [
        },
        "error_message": 'Policy statement must contain resources.'
    },
+    {
+        "document": {
+            "Version": "2012-10-17",
+            "Statement": {
+                "Effect": "Allow",
+                "Action": "invalid"
+            }
+        },
+        "error_message": 'Policy statement must contain resources.'
+    },
    {
        "document": {
            "Version": "2012-10-17",
@ -206,6 +251,18 @@ invalid_documents_test_cases = [
        },
        "error_message": 'Policy statement must contain actions.'
    },
+    {
+        "document": {
+            "Version": "2012-10-17",
+            "Statement":
+                {
+                    "Effect": "Allow",
+                    "Action": [],
+                    "Resource": "arn:aws:s3:::example_bucket"
+                }
+        },
+        "error_message": 'Policy statement must contain actions.'
+    },
    {
        "document": {
            "Version": "2012-10-17",
@ -283,6 +340,29 @@ invalid_documents_test_cases = [
        },
        "error_message": 'Syntax errors in policy.'
    },
+    {
+        "document": {
+            "Version": "2012-10-17",
+            "Statement": {
+                "Effect": "Deny",
+                "Action": [[]],
+                "Resource": "arn:aws:s3:::example_bucket"
+            }
+        },
+        "error_message": 'Syntax errors in policy.'
+    },
+    {
+        "document": {
+            "Version": "2012-10-17",
+            "Statement":
+                {
+                    "Effect": "Allow",
+                    "Action": {},
+                    "Resource": "arn:aws:s3:::example_bucket"
+                }
+        },
+        "error_message": 'Syntax errors in policy.'
+    },
    {
        "document": {
            "Version": "2012-10-17",