From 13bb7502717b318fdef7c8d138c193cf38ede7f1 Mon Sep 17 00:00:00 2001 From: Brett Swift Date: Thu, 25 Oct 2018 09:13:48 -0600 Subject: [PATCH 1/2] Flake8 got more picky. Fix it --- cumulus/chain/step.py | 2 +- cumulus/steps/dev_tools/code_build_action.py | 8 ++-- cumulus/types/codebuild/buildaction.py | 40 ++++++++++---------- setup.cfg | 1 + tests/stacker_test/blueprints/s3_bucket.py | 4 +- 5 files changed, 28 insertions(+), 27 deletions(-) diff --git a/cumulus/chain/step.py b/cumulus/chain/step.py index 74f9c70..174c472 100644 --- a/cumulus/chain/step.py +++ b/cumulus/chain/step.py @@ -11,4 +11,4 @@ def __init__(self): def handle(self, chain_context): # type: (chaincontext.ChainContext) -> None - raise NotImplemented("handle must be implemented") + raise NotImplementedError("handle must be implemented") diff --git a/cumulus/steps/dev_tools/code_build_action.py b/cumulus/steps/dev_tools/code_build_action.py index 77923d4..64d184e 100644 --- a/cumulus/steps/dev_tools/code_build_action.py +++ b/cumulus/steps/dev_tools/code_build_action.py @@ -140,10 +140,10 @@ def create_project(self, chain_context, codebuild_role, codebuild_environment, n ) chain_context.template.add_resource(sg) vpc_config = {'VpcConfig': codebuild.VpcConfig( - VpcId=self.vpc_config.vpc_id, - Subnets=self.vpc_config.subnets, - SecurityGroupIds=[Ref(sg)], - )} + VpcId=self.vpc_config.vpc_id, + Subnets=self.vpc_config.subnets, + SecurityGroupIds=[Ref(sg)], + )} project_name = "Project%s" % name diff --git a/cumulus/types/codebuild/buildaction.py b/cumulus/types/codebuild/buildaction.py index 1eeb79b..3cdd691 100644 --- a/cumulus/types/codebuild/buildaction.py +++ b/cumulus/types/codebuild/buildaction.py 
@@ -9,11 +9,11 @@ def __init__(self, **kwargs): super(SourceS3Action, self).__init__(**kwargs) self.ActionTypeId = troposphere.codepipeline.ActionTypeId( - Category="Source", - Owner="AWS", - Version="1", - Provider='S3', - ) + Category="Source", + Owner="AWS", + Version="1", + Provider='S3', + ) self.RunOrder = "1" @@ -25,11 +25,11 @@ def __init__(self, **kwargs): super(SourceCodeCommitAction, self).__init__(**kwargs) self.ActionTypeId = troposphere.codepipeline.ActionTypeId( - Category="Source", - Owner="AWS", - Version="1", - Provider="CodeCommit", - ) + Category="Source", + Owner="AWS", + Version="1", + Provider="CodeCommit", + ) self.RunOrder = "1" @@ -41,11 +41,11 @@ def __init__(self, **kwargs): super(CodeBuildAction, self).__init__(**kwargs) self.ActionTypeId = troposphere.codepipeline.ActionTypeId( - Category="Build", - Owner="AWS", - Version="1", - Provider="CodeBuild" - ) + Category="Build", + Owner="AWS", + Version="1", + Provider="CodeBuild" + ) self.RunOrder = "1" @@ -57,11 +57,11 @@ def __init__(self, **kwargs): super(LambdaAction, self).__init__(**kwargs) self.ActionTypeId = troposphere.codepipeline.ActionTypeId( - Category="Invoke", - Owner="AWS", - Version="1", - Provider='Lambda', - ) + Category="Invoke", + Owner="AWS", + Version="1", + Provider='Lambda', + ) self.RunOrder = "1" diff --git a/setup.cfg b/setup.cfg index 9e726a7..8e4de00 100644 --- a/setup.cfg +++ b/setup.cfg @@ -15,6 +15,7 @@ replace = __version__ = '{new_version}' universal = 1 [flake8] +ignore = W605 # this is for components/userdata/windows.py exclude = docs max-line-length = 140 diff --git a/tests/stacker_test/blueprints/s3_bucket.py b/tests/stacker_test/blueprints/s3_bucket.py index e16ee97..deeb92f 100644 --- a/tests/stacker_test/blueprints/s3_bucket.py +++ b/tests/stacker_test/blueprints/s3_bucket.py 
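Review bot: The new `ignore = W605 # this is for components/userdata/windows.py` line in `[flake8]` switches the invalid-escape-sequence check off for every file, although its own comment says only one file needs it, so the same mistake anywhere else in the project will now pass lint unnoticed. Setting `ignore` also replaces flake8's default ignore list instead of adding to it, and the trailing comment sits inside the option value, where flake8 may parse it as further codes rather than as a comment. I would move the explanation to its own comment line above the option and scope the exemption to the affected lines of windows.py with `# noqa: W605` (or raw strings there). If a project-wide exemption is really intended, `extend-ignore = W605` keeps the defaults.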
@@ -13,6 +13,6 @@ def create_template(self): t = self.template t.add_resource(Bucket( - "S3Bucket", - BucketName='bswift-int-test-asdf' + "S3Bucket", + BucketName='bswift-int-test-asdf' )) From f266fb608834951a809a1fc03a9767372613e25a Mon Sep 17 00:00:00 2001 From: Brett Swift Date: Thu, 25 Oct 2018 08:45:55 -0600 Subject: [PATCH 2/2] Add convenience method to simply add statements to a Policy --- cumulus/util/policy_mutator.py | 31 +++++++++ tests/unit/util/test_policy_mutator.py | 96 ++++++++++++++++++++++++++ 2 files changed, 127 insertions(+) create mode 100644 cumulus/util/policy_mutator.py create mode 100644 tests/unit/util/test_policy_mutator.py diff --git a/cumulus/util/policy_mutator.py b/cumulus/util/policy_mutator.py new file mode 100644 index 0000000..2e7b048 --- /dev/null +++ b/cumulus/util/policy_mutator.py @@ -0,0 +1,31 @@ +import awacs +import troposphere +from awacs.aws import PolicyDocument # noqa +from troposphere.iam import Policy # noqa + + +class PolicyMutator: + def __init__(self): + pass + + @staticmethod + def add_statement_to_policy(policy, statement): + """ + + :type policy: troposphere.iam.Policy + :type statement: awacs.aws.Statement + """ + if type(policy) is not troposphere.iam.Policy: + raise AssertionError("Expected to find troposphere.iam.Policy but found: %s" % type(policy)) + + if not isinstance(policy.PolicyDocument, awacs.aws.PolicyDocument): + msg = "Expected policy.PolicyDocument to be awacs.aws.PolicyDocument but found: %s" \ + % type(policy.PolicyDocument) + raise AssertionError(msg) + + if not isinstance(statement, awacs.aws.Statement): + msg = "Expected statement to be awacs.aws.Statement but found: %s " % type(statement) + raise AssertionError(msg) + + policy.PolicyDocument.Statement.append(statement) + return policy diff --git a/tests/unit/util/test_policy_mutator.py b/tests/unit/util/test_policy_mutator.py new file mode 100644 index 0000000..9665e37 --- /dev/null +++ b/tests/unit/util/test_policy_mutator.py 
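Review bot: `add_statement_to_policy` appends to `policy.PolicyDocument.Statement` without checking that the attribute exists and is a list, so a PolicyDocument built without `Statement` would presumably fail with an AttributeError rather than the descriptive AssertionError the other three checks raise. A guard such as `statements = getattr(policy.PolicyDocument, "Statement", None)` followed by `if not isinstance(statements, list): raise AssertionError("Expected policy.PolicyDocument.Statement to be a list")` would close that gap. The list is mutated in place, so any other policy or template holding the same list object gains the new statement too, which can widen IAM permissions unintentionally; the empty docstring should state that the policy is modified in place and returned. The first check uses `type(policy) is not troposphere.iam.Policy` while the other two use `isinstance`, so subclasses of Policy are rejected; `if not isinstance(policy, troposphere.iam.Policy):` would be consistent.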
@@ -0,0 +1,96 @@
+# try:
+# #python 3
+# from unittest.mock import patch
+# except:
+# #python 2
+# from mock import patch
+
+import unittest
+
+import awacs
+from awacs import aws # noqa
+import troposphere
+from troposphere import iam
+
+from cumulus.util.policy_mutator import PolicyMutator
+
+DEFAULT_STATEMENT_NAME = "DefaultStatement"
+
+
+class TestPolicyMutator(unittest.TestCase):
+
+ def setUp(self):
+ pass
+ self.simple_policy = iam.Policy(
+ PolicyName="TestPolicy",
+ PolicyDocument=awacs.aws.PolicyDocument(
+ Version="2012-10-17",
+ Id="PipelinePolicy",
+ Statement=[
+ awacs.aws.Statement(
+ Sid=("%s" % DEFAULT_STATEMENT_NAME),
+ Effect=awacs.aws.Allow,
+ Action=[awacs.aws.Action("s3", "*")],
+ Resource=['*'],
+ ),
+ ],
+ )
+ )
+
+ self.dummy_statement = awacs.aws.Statement()
+
+ def tearDown(self):
+ pass
+ del self.simple_policy
+
+ def test_should_raise_assertion_error_on_wrong_policy_type(self):
+ policy = "not what you want"
+ self.assertRaises(
+ AssertionError,
+ PolicyMutator.add_statement_to_policy,
+ policy,
+ self.dummy_statement,
+ )
+
+ def test_should_raise_assertion_error_if_policydocument_is_not_awacs(self):
+ policy = troposphere.iam.Policy(
+ PolicyDocument={}
+ )
+ self.assertRaises(
+ AssertionError,
+ PolicyMutator.add_statement_to_policy,
+ policy,
+ self.dummy_statement,
+ )
+
+ def test_should_raise_assertion_error_on_wrong_statement_type(self):
+ policy = self.simple_policy
+ self.assertRaises(
+ AssertionError,
+ PolicyMutator.add_statement_to_policy,
+ policy,
+ {"statment": "is wrong"},
+ )
+
+ def test_should_add_statement_to_existing_policy(self):
+ pass
+ policy = self.simple_policy
+ lambda_policy_name = 'LambdaPolicy'
+ statement = awacs.aws.Statement(
+ Sid=('%s' % lambda_policy_name),
+ Effect=awacs.aws.Allow,
+ Action=[
+ awacs.aws.Action("lambda", "*")
+ ],
+ Resource=["*"]
+ )
+
+ found_default = list(filter(lambda x: x.Sid == DEFAULT_STATEMENT_NAME, policy.PolicyDocument.Statement))
+ self.assertTrue(found_default,
"Did not find the statement I was looking for")
+ self.assertIsInstance(found_default[0], awacs.aws.Statement)
+
+ policy = PolicyMutator.add_statement_to_policy(policy, statement)
+
+ found_sut = list(filter(lambda x: x.Sid == lambda_policy_name, policy.PolicyDocument.Statement))
+ self.assertTrue(found_sut, "Did not find the statement I was looking for")
+ self.assertIsInstance(found_default[0], awacs.aws.Statement)
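Review bot: The last assertion of `test_should_add_statement_to_existing_policy` checks `found_default[0]` a second time, so the type of the statement that was just added is never verified; it should read `self.assertIsInstance(found_sut[0], awacs.aws.Statement)`. The test would also be tighter with `self.assertEqual(len(policy.PolicyDocument.Statement), 2)`, which confirms that the existing statement was kept and nothing else was appended to the policy. The leading `pass` statements in `setUp`, `tearDown` and this test, and the commented-out `patch` import block at the top of the file, are dead code and can be dropped.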