|
| 1 | +import re |
| 2 | +from typing import Optional |
| 3 | + |
1 | 4 | import aws_cdk as cdk |
2 | 5 | import pytest |
| 6 | +from aibs_informatics_core.env import EnvBase |
3 | 7 |
|
4 | 8 | from aibs_informatics_cdk_lib.common.aws.iam_utils import ( |
5 | 9 | SECRETSMANAGER_READ_ONLY_ACTIONS, |
6 | 10 | SECRETSMANAGER_READ_WRITE_ACTIONS, |
| 11 | + SQS_FULL_ACCESS_ACTIONS, |
7 | 12 | secretsmanager_policy_statement, |
| 13 | + sqs_policy_statement, |
8 | 14 | ) |
9 | 15 |
|
10 | 16 |
|
@@ -48,3 +54,54 @@ def test__secrets_manager_policy_args(generate_policy_args, expected_resource, e |
48 | 54 | generated_policy_statement = secretsmanager_policy_statement(**generate_policy_args) |
49 | 55 | assert generated_policy_statement.resources == [expected_resource] |
50 | 56 | assert set(generated_policy_statement.actions) == set(expected_actions) |
| 57 | + |
| 58 | + |
| 59 | +@pytest.mark.parametrize( |
| 60 | + "env_base, expected_actions, expected_resource_patterns", |
| 61 | + [ |
| 62 | + pytest.param( |
| 63 | + # env_base |
| 64 | + None, |
| 65 | + # expected_actions |
| 66 | + SQS_FULL_ACCESS_ACTIONS, |
| 67 | + # expected_resource_patterns |
| 68 | + [ |
| 69 | + r"arn:aws:sqs:\$\{Token\[AWS\.Region\.[\d]+\]\}:\$\{Token\[AWS\.AccountId\.[\d]+\]\}:\*:\*" |
| 70 | + ], |
| 71 | + id="Test SQS policystatment (env_base=None)", |
| 72 | + ), |
| 73 | + pytest.param( |
| 74 | + # env_base |
| 75 | + EnvBase("dev"), |
| 76 | + # expected_actions |
| 77 | + SQS_FULL_ACCESS_ACTIONS, |
| 78 | + # expected_resource_patterns |
| 79 | + [ |
| 80 | + r"arn:aws:sqs:\$\{Token\[AWS\.Region\.[\d]+\]\}:\$\{Token\[AWS\.AccountId\.[\d]+\]\}:\*:dev\*" |
| 81 | + ], |
| 82 | + id="Test SQS policystatment (env_base=dev)", |
| 83 | + ), |
| 84 | + pytest.param( |
| 85 | + # env_base |
| 86 | + EnvBase("test"), |
| 87 | + # expected_actions |
| 88 | + SQS_FULL_ACCESS_ACTIONS, |
| 89 | + # expected_resource_patterns |
| 90 | + [ |
| 91 | + r"arn:aws:sqs:\$\{Token\[AWS\.Region\.[\d]+\]\}:\$\{Token\[AWS\.AccountId\.[\d]+\]\}:\*:test\*" |
| 92 | + ], |
| 93 | + id="Test SQS policystatment (env_base=test)", |
| 94 | + ), |
| 95 | + ], |
| 96 | +) |
| 97 | +def test__sqs_policy_statement( |
| 98 | + env_base: Optional[EnvBase], expected_actions, expected_resource_patterns |
| 99 | +): |
| 100 | + obt = sqs_policy_statement(env_base=env_base) |
| 101 | + |
| 102 | + assert expected_actions == obt.actions |
| 103 | + for indx, expected_pattern in enumerate(expected_resource_patterns): |
| 104 | + obt_resource = obt.resources[indx] |
| 105 | + assert re.fullmatch( |
| 106 | + expected_pattern, obt_resource |
| 107 | + ), f"expected_pattern: {expected_pattern}, obt: {obt_resource}" |
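Review bot: The loop at the end of `test__sqs_policy_statement` only checks the indices listed in `expected_resource_patterns`, so a statement that carries an extra, broader resource next to the expected ARN would still pass. Since the statement grants `SQS_FULL_ACCESS_ACTIONS`, that widening is the regression this test most needs to catch; add `assert len(obt.resources) == len(expected_resource_patterns)` before the loop. The action check `assert expected_actions == obt.actions` is order-sensitive, unlike the `set(...)` comparison in the secrets manager test just above, so `assert set(obt.actions) == set(expected_actions)` would be consistent. Separately, the expected patterns pin a resource of the form `...:<account>:*:dev*`, whereas an SQS queue ARN normally has the queue name directly after the account id. It is worth confirming against `sqs_policy_statement` (not shown here) that the extra `:*` segment is intended and that the env-scoped statement matches the queues it is meant to cover.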