catalin/moto
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Add tag & untag user (#3638)

Browse source 
* Add iam.tag_user

* Add iam.untag_user

* Fix Python2 error
This commit is contained in:
Anton Grübel 2021-02-01 12:37:54 +01:00 committed by GitHub
commit fe9f1dfe14
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 165 additions and 81 deletions
Download patch file Download diff file Expand all files Collapse all files

83
tests/test_iam/test_iam.py
View file

@ -1140,8 +1140,9 @@ def test_enable_virtual_mfa_device():
client = boto3.client("iam", region_name="us-east-1")
response = client.create_virtual_mfa_device(VirtualMFADeviceName="test-device")
serial_number = response["VirtualMFADevice"]["SerialNumber"]
tags = [{"Key": "key", "Value": "value"}]
client.create_user(UserName="test-user")
client.create_user(UserName="test-user", Tags=tags)
client.enable_mfa_device(
UserName="test-user",
SerialNumber=serial_number,
@ -1165,6 +1166,7 @@ def test_enable_virtual_mfa_device():
"arn:aws:iam::{}:user/test-user".format(ACCOUNT_ID)
)
device["User"]["CreateDate"].should.be.a(datetime)
device["User"]["Tags"].should.equal(tags)
device["EnableDate"].should.be.a(datetime)
response["IsTruncated"].should_not.be.ok
@ -2924,7 +2926,7 @@ def test_list_user_tags():
],
)
response = conn.list_user_tags(UserName="kenny-bania")
response["Tags"].should.equal([])
response["Tags"].should.have.length_of(0)
response["IsTruncated"].should_not.be.ok
response = conn.list_user_tags(UserName="jackie-chiles")
@ -4047,3 +4049,80 @@ def test_create_user_with_tags():
resp = conn.create_user(UserName="test-create-user-no-tags")
assert "Tags" not in resp["User"]
@mock_iam
def test_tag_user():
# given
client = boto3.client("iam", region_name="eu-central-1")
name = "test-user"
tags = sorted(
[{"Key": "key", "Value": "value"}, {"Key": "key-2", "Value": "value-2"}],
key=lambda item: item["Key"],
)
client.create_user(UserName=name)
# when
client.tag_user(UserName=name, Tags=tags)
# then
response = client.list_user_tags(UserName=name)
sorted(response["Tags"], key=lambda item: item["Key"],).should.equal(tags)
@mock_iam
def test_tag_user_error_unknown_user_name():
# given
client = boto3.client("iam", region_name="eu-central-1")
name = "unknown"
# when
with pytest.raises(ClientError) as e:
client.tag_user(UserName=name, Tags=[{"Key": "key", "Value": "value"}])
# then
ex = e.value
ex.operation_name.should.equal("TagUser")
ex.response["ResponseMetadata"]["HTTPStatusCode"].should.equal(404)
ex.response["Error"]["Code"].should.contain("NoSuchEntity")
ex.response["Error"]["Message"].should.equal(
"The user with name {} cannot be found.".format(name)
)
@mock_iam
def test_untag_user():
# given
client = boto3.client("iam", region_name="eu-central-1")
name = "test-user"
client.create_user(
UserName=name,
Tags=[{"Key": "key", "Value": "value"}, {"Key": "key-2", "Value": "value"}],
)
# when
client.untag_user(UserName=name, TagKeys=["key-2"])
# then
response = client.list_user_tags(UserName=name)
response["Tags"].should.equal([{"Key": "key", "Value": "value"}])
@mock_iam
def test_untag_user_error_unknown_user_name():
# given
client = boto3.client("iam", region_name="eu-central-1")
name = "unknown"
# when
with pytest.raises(ClientError) as e:
client.untag_user(UserName=name, TagKeys=["key"])
# then
ex = e.value
ex.operation_name.should.equal("UntagUser")
ex.response["ResponseMetadata"]["HTTPStatusCode"].should.equal(404)
ex.response["Error"]["Code"].should.contain("NoSuchEntity")
ex.response["Error"]["Message"].should.equal(
"The user with name {} cannot be found.".format(name)
)

57
tests/test_iam/test_iam_cloudformation.py
View file

@ -967,59 +967,6 @@ Outputs:
pass
@mock_iam
@mock_cloudformation
def test_iam_cloudformation_delete_users_access_key():
cf_client = boto3.client("cloudformation", region_name="us-east-1")
stack_name = "MyStack"
template = """
Resources:
TheUser:
Type: AWS::IAM::User
TheAccessKey:
Type: AWS::IAM::AccessKey
Properties:
UserName: !Ref TheUser
""".strip()
cf_client.create_stack(StackName=stack_name, TemplateBody=template)
provisioned_resources = cf_client.list_stack_resources(StackName=stack_name)[
"StackResourceSummaries"
]
provisioned_user = [
resource
for resource in provisioned_resources
if resource["LogicalResourceId"] == "TheUser"
][0]
user_name = provisioned_user["PhysicalResourceId"]
provisioned_access_key = [
resource
for resource in provisioned_resources
if resource["LogicalResourceId"] == "TheAccessKey"
][0]
access_key_id = provisioned_access_key["PhysicalResourceId"]
iam_client = boto3.client("iam", region_name="us-east-1")
user = iam_client.get_user(UserName=user_name)
access_keys = iam_client.list_access_keys(UserName=user_name)
access_key_id.should.equal(access_keys["AccessKeyMetadata"][0]["AccessKeyId"])
cf_client.delete_stack(StackName=stack_name)
iam_client.get_user.when.called_with(UserName=user_name).should.throw(
iam_client.exceptions.NoSuchEntityException
)
iam_client.list_access_keys.when.called_with(UserName=user_name).should.throw(
iam_client.exceptions.NoSuchEntityException
)
@mock_iam
@mock_cloudformation
def test_iam_cloudformation_delete_users_access_key():
@ -1055,13 +1002,15 @@ def test_iam_cloudformation_delete_users_access_key():
for resource in provisioned_resources
if resource["LogicalResourceId"] == "TheAccessKey"
]
len(provisioned_access_keys).should.equal(1)
provisioned_access_keys.should.have.length_of(1)
access_key_id = provisioned_access_keys[0]["PhysicalResourceId"]
iam_client = boto3.client("iam", region_name="us-east-1")
user = iam_client.get_user(UserName=user_name)["User"]
user["UserName"].should.equal(user_name)
access_keys = iam_client.list_access_keys(UserName=user_name)
access_keys["AccessKeyMetadata"][0]["UserName"].should.equal(user_name)
access_key_id.should.equal(access_keys["AccessKeyMetadata"][0]["AccessKeyId"])
cf_client.delete_stack(StackName=stack_name)