How to use simulate_custom_policy method in localstack

Best Python code snippet using localstack_python

verify_env.py


# ... (excerpt begins mid-function at original line 165; the code that sets up
# policy_list, eval_results, account_id, REGION and ENV_NAME is not shown)
#
# Every simulate_custom_policy call below evaluates the policy documents in
# policy_list for one group of actions/resources and appends the returned
# 'EvaluationResults' entries to eval_results.
#
# Scope of the simulation as written: only PolicyInputList is supplied. No
# ResourcePolicy or PermissionsBoundaryPolicyInputList argument is passed, so
# S3 bucket policies, KMS key policies and permissions boundaries are not part
# of these results. An 'allowed' decision here speaks for the policy documents
# in policy_list only.

# Add inline policies
# The last '/'-separated segment of ExecutionRoleArn is handed to
# get_inline_policies (defined elsewhere) - presumably the role name.
policy_list.extend(get_inline_policies(iam_client, input_env['ExecutionRoleArn'].split("/")[-1]))
if "KmsKey" in input_env:
    # Branch taken when the environment description carries a 'KmsKey' entry;
    # the KMS checks further down use that key as the simulated resource.
    print('Found Customer managed CMK')
    eval_results = eval_results + iam_client.simulate_custom_policy(
        PolicyInputList=policy_list,
        ActionNames=[
            "airflow:PublishMetrics"
        ],
        ResourceArns=[
            input_env['Arn']
        ]
    )['EvaluationResults']
    # this next test should be denied
    # NOTE(review): this expected-deny result is appended to the same list as
    # the expected-allow results; whatever reads eval_results (not shown) has
    # to tell the two apart - confirm it does.
    eval_results = eval_results + iam_client.simulate_custom_policy(
        PolicyInputList=policy_list,
        ActionNames=[
            "s3:ListAllMyBuckets"
        ],
        ResourceArns=[
            input_env['SourceBucketArn'],
            input_env['SourceBucketArn'] + '/'
        ]
    )['EvaluationResults']
    # Read-side S3 actions, simulated against the bucket ARN and the bucket ARN
    # with a trailing '/'.
    # NOTE(review): object-level actions are checked against '<bucket>/' rather
    # than '<bucket>/*' or a concrete key - confirm that is intended.
    eval_results = eval_results + iam_client.simulate_custom_policy(
        PolicyInputList=policy_list,
        ActionNames=[
            "s3:GetObject*",
            "s3:GetBucket*",
            "s3:List*"
        ],
        ResourceArns=[
            input_env['SourceBucketArn'],
            input_env['SourceBucketArn'] + '/'
        ]
    )['EvaluationResults']
    # CloudWatch Logs actions on log groups named airflow-<ENV_NAME>-* in
    # REGION / account_id.
    eval_results = eval_results + iam_client.simulate_custom_policy(
        PolicyInputList=policy_list,
        ActionNames=[
            "logs:CreateLogStream",
            "logs:CreateLogGroup",
            "logs:PutLogEvents",
            "logs:GetLogEvents",
            "logs:GetLogGroupFields"
        ],
        ResourceArns=[
            "arn:aws:logs:" + REGION + ":" + account_id + ":log-group:airflow-" + ENV_NAME + "-*"
        ]
    )['EvaluationResults']
    # The next two checks simulate against the wildcard resource "*".
    eval_results = eval_results + iam_client.simulate_custom_policy(
        PolicyInputList=policy_list,
        ActionNames=[
            "logs:DescribeLogGroups"
        ],
        ResourceArns=[
            "*"
        ]
    )['EvaluationResults']
    eval_results = eval_results + iam_client.simulate_custom_policy(
        PolicyInputList=policy_list,
        ActionNames=[
            "cloudwatch:PutMetricData"
        ],
        ResourceArns=[
            "*"
        ]
    )['EvaluationResults']
    # SQS actions on queues named airflow-celery-*; the account field of the
    # simulated ARN is the wildcard '*', not account_id.
    eval_results = eval_results + iam_client.simulate_custom_policy(
        PolicyInputList=policy_list,
        ActionNames=[
            "sqs:ChangeMessageVisibility",
            "sqs:DeleteMessage",
            "sqs:GetQueueAttributes",
            "sqs:GetQueueUrl",
            "sqs:ReceiveMessage",
            "sqs:SendMessage"
        ],
        ResourceArns=[
            "arn:aws:sqs:" + REGION + ":*:airflow-celery-*"
        ]
    )['EvaluationResults']
    # KMS checks against the customer managed key. Each call supplies a value
    # for the kms:viaservice context key (AWS documents it as kms:ViaService;
    # condition key names are not case-sensitive) so that policy conditions on
    # it can be evaluated: first for S3, then for SQS.
    eval_results = eval_results + iam_client.simulate_custom_policy(
        PolicyInputList=policy_list,
        ActionNames=[
            "kms:GenerateDataKey*"
        ],
        ResourceArns=[
            input_env['KmsKey']
        ],
        ContextEntries=[
            {
                'ContextKeyName': 'kms:viaservice',
                'ContextKeyValues': [
                    's3.' + REGION + '.amazonaws.com'
                ],
                'ContextKeyType': 'string'
            }
        ],
    )['EvaluationResults']
    eval_results = eval_results + iam_client.simulate_custom_policy(
        PolicyInputList=policy_list,
        ActionNames=[
            "kms:GenerateDataKey*"
        ],
        ResourceArns=[
            input_env['KmsKey']
        ],
        ContextEntries=[
            {
                'ContextKeyName': 'kms:viaservice',
                'ContextKeyValues': [
                    'sqs.' + REGION + '.amazonaws.com',
                ],
                'ContextKeyType': 'string'
            }
        ],
    )['EvaluationResults']
    eval_results = eval_results + iam_client.simulate_custom_policy(
        PolicyInputList=policy_list,
        ActionNames=[
            "kms:Decrypt",
            "kms:DescribeKey",
            "kms:Encrypt"
        ],
        ResourceArns=[
            input_env['KmsKey']
        ],
        ContextEntries=[
            {
                'ContextKeyName': 'kms:viaservice',
                'ContextKeyValues': [
                    's3.' + REGION + '.amazonaws.com'
                ],
                'ContextKeyType': 'string'
            }
        ],
    )['EvaluationResults']
    eval_results = eval_results + iam_client.simulate_custom_policy(
        PolicyInputList=policy_list,
        ActionNames=[
            "kms:Decrypt",
            "kms:DescribeKey",
            "kms:Encrypt"
        ],
        ResourceArns=[
            input_env['KmsKey']
        ],
        ContextEntries=[
            {
                'ContextKeyName': 'kms:viaservice',
                'ContextKeyValues': [
                    'sqs.' + REGION + '.amazonaws.com'
                ],
                'ContextKeyType': 'string'
            }
        ],
    )['EvaluationResults']
else:
    # No 'KmsKey' entry in the environment description.
    # NOTE(review): the seven non-KMS checks in this branch repeat the ones in
    # the branch above verbatim; an edit to one list needs the same edit here.
    print('Using AWS CMK')
    eval_results = eval_results + iam_client.simulate_custom_policy(
        PolicyInputList=policy_list,
        ActionNames=[
            "airflow:PublishMetrics"
        ],
        ResourceArns=[
            input_env['Arn']
        ]
    )['EvaluationResults']
    # this action should be denied
    eval_results = eval_results + iam_client.simulate_custom_policy(
        PolicyInputList=policy_list,
        ActionNames=[
            "s3:ListAllMyBuckets"
        ],
        ResourceArns=[
            input_env['SourceBucketArn'],
            input_env['SourceBucketArn'] + '/'
        ]
    )['EvaluationResults']
    eval_results = eval_results + iam_client.simulate_custom_policy(
        PolicyInputList=policy_list,
        ActionNames=[
            "s3:GetObject*",
            "s3:GetBucket*",
            "s3:List*"
        ],
        ResourceArns=[
            input_env['SourceBucketArn'],
            input_env['SourceBucketArn'] + '/'
        ]
    )['EvaluationResults']
    eval_results = eval_results + iam_client.simulate_custom_policy(
        PolicyInputList=policy_list,
        ActionNames=[
            "logs:CreateLogStream",
            "logs:CreateLogGroup",
            "logs:PutLogEvents",
            "logs:GetLogEvents",
            "logs:GetLogGroupFields"
        ],
        ResourceArns=[
            "arn:aws:logs:" + REGION + ":" + account_id + ":log-group:airflow-" + ENV_NAME + "-*"
        ]
    )['EvaluationResults']
    eval_results = eval_results + iam_client.simulate_custom_policy(
        PolicyInputList=policy_list,
        ActionNames=[
            "logs:DescribeLogGroups"
        ],
        ResourceArns=[
            "*"
        ]
    )['EvaluationResults']
    eval_results = eval_results + iam_client.simulate_custom_policy(
        PolicyInputList=policy_list,
        ActionNames=[
            "cloudwatch:PutMetricData"
        ],
        ResourceArns=[
            "*"
        ]
    )['EvaluationResults']
    eval_results = eval_results + iam_client.simulate_custom_policy(
        PolicyInputList=policy_list,
        ActionNames=[
            "sqs:ChangeMessageVisibility",
            "sqs:DeleteMessage",
            "sqs:GetQueueAttributes",
            "sqs:GetQueueUrl",
            "sqs:ReceiveMessage",
            "sqs:SendMessage"
        ],
        ResourceArns=[
            "arn:aws:sqs:" + REGION + ":*:airflow-celery-*"
        ]
    )['EvaluationResults']
    # Checks that the role allows these KMS actions on keys that are not in
    # this account when the request comes via the SQS service.
    # NOTE(review): 111122223333 is hard-coded as the "other" account in the
    # simulated key ARN; it looks like a stand-in value - confirm.
    eval_results = eval_results + iam_client.simulate_custom_policy(
        PolicyInputList=policy_list,
        ActionNames=[
            "kms:Decrypt",
            "kms:DescribeKey",
            "kms:Encrypt"
        ],
        ResourceArns=[
            "arn:aws:kms:*:111122223333:key/*"
        ],
        ContextEntries=[
            {
                'ContextKeyName': 'kms:viaservice',
                'ContextKeyValues': [
                    'sqs.' + REGION + '.amazonaws.com',
                ],
                'ContextKeyType': 'string'
            }
        ],
    )['EvaluationResults']
    eval_results = eval_results + iam_client.simulate_custom_policy(
        PolicyInputList=policy_list,
        ActionNames=[
            "kms:GenerateDataKey*"
        ],
        ResourceArns=[
            "arn:aws:kms:*:111122223333:key/*"
        ],
        ContextEntries=[
            {
                'ContextKeyName': 'kms:viaservice',
                'ContextKeyValues': [
                    'sqs.' + REGION + '.amazonaws.com',
                ],
                'ContextKeyType': 'string'
                # ... (listing truncated here at original line 436; the rest of
                # this call and of the function is not shown)


test_moc_prometheus_role.py


# ... (excerpt begins at original line 37, inside a class-level setup routine;
# the class header and the definition of cls.policies are not shown)
        }
        # No endpoint_url is passed, so boto3's default endpoint and credential
        # resolution apply to every simulate_custom_policy call below.
        cls.client = boto3.client('iam')

    # http://boto3.readthedocs.io/en/latest/reference/services/iam.html#IAM.Client.simulate_custom_policy
    def test_stop_instance_for_allowed_instance(self):
        """Expect ec2:StopInstances to be allowed when the tag context matches.

        Simulates the 'ControlMOCPrometheusInstance' policy document with the
        context key ec2:ResourceTag/TechnicalContact set to 'moc@mozilla.com'
        and asserts that the first evaluation result is 'allowed'. No
        ResourceArns are passed, so the API's default resource applies.
        """
        response = self.client.simulate_custom_policy(
            PolicyInputList=[self.policies['ControlMOCPrometheusInstance']],
            ActionNames=['ec2:StopInstances'],
            ContextEntries=[
                {
                    'ContextKeyName': 'ec2:ResourceTag/TechnicalContact',
                    'ContextKeyValues': [
                        'moc@mozilla.com',
                    ],
                    'ContextKeyType': 'string'
                }
            ]
        )
        # One action name is simulated, so only result [0] is inspected.
        assert response['EvaluationResults'][0]['EvalDecision'] == 'allowed'

    def test_stop_instance_for_prohibited_instance(self):
        """Expect ec2:StopInstances to be implicitly denied without tag context.

        Same policy and action as the allowed case, but no ContextEntries are
        supplied. This pins the "tag value absent" case.
        """
        # NOTE(review): none of the tests visible in this excerpt supplies a
        # non-matching TechnicalContact value; that case would need its own test.
        response = self.client.simulate_custom_policy(
            PolicyInputList=[self.policies['ControlMOCPrometheusInstance']],
            ActionNames=['ec2:StopInstances']
        )
        assert response['EvaluationResults'][0]['EvalDecision'] == 'implicitDeny'

    def test_terminate_instance(self):
        """Expect ec2:TerminateInstances to be implicitly denied even with the tag.

        Supplies the same matching ec2:ResourceTag/TechnicalContact context as
        the allowed stop test and asserts 'implicitDeny', so the test fails if
        the policy document ever starts granting termination for that context.
        """
        response = self.client.simulate_custom_policy(
            PolicyInputList=[self.policies['ControlMOCPrometheusInstance']],
            ActionNames=['ec2:TerminateInstances'],
            ContextEntries=[
                {
                    'ContextKeyName': 'ec2:ResourceTag/TechnicalContact',
                    'ContextKeyValues': [
                        'moc@mozilla.com',
                    ],
                    'ContextKeyType': 'string'
                }
            ]
        )
        assert response['EvaluationResults'][0]['EvalDecision'] == 'implicitDeny'

    def test_describe_instances(self):
        # Simulates ec2:DescribeInstances with no context entries.
        response = self.client.simulate_custom_policy(
            PolicyInputList=[self.policies['ControlMOCPrometheusInstance']],
            ActionNames=['ec2:DescribeInstances']
        )
        # ... (listing truncated here at original line 80; the assertion for
        # this test is not shown)
