/**
 * Verifies that only roles whose name contains the search term are suggested,
 * that they keep the order in which the IAM client returned them, and that the
 * client is queried exactly once.
 */
@Test
public void testAutoSuggestion() throws Exception {
    final ListRolesRequest expectedRequest = new ListRolesRequest().withMaxItems(1000);

    // "foooobar" does not contain "foobar" and must therefore be filtered out.
    final ListRolesResult stubbedResult = new ListRolesResult().withRoles(
            new Role().withRoleName("foobar1"),
            new Role().withRoleName("afoobar"),
            new Role().withRoleName("foooobar"));
    when(mockClient.listRoles(expectedRequest)).thenReturn(stubbedResult);

    final List<Principal> suggestions = partiallyMockedPrincipalAutoSuggestion.autoSuggestion("foobar");

    assertEquals(suggestions.size(), 2);
    assertEquals(suggestions.get(0).name, "foobar1");
    assertEquals(suggestions.get(1).name, "afoobar");
    verify(mockClient, times(1)).listRoles(expectedRequest);
}
/**
 * Verifies that matching ignores case: a mixed-case search term must match
 * role names regardless of how they are capitalised, and the suggested names
 * keep their original spelling.
 */
@Test
public void testAutoSuggestionCaseInsensitive() throws Exception {
    final ListRolesRequest expectedRequest = new ListRolesRequest().withMaxItems(1000);

    // The same name in three capitalisations; all of them should be suggested.
    final ListRolesResult stubbedResult = new ListRolesResult().withRoles(
            new Role().withRoleName("foobar"),
            new Role().withRoleName("FOOBAR"),
            new Role().withRoleName("FooBar"));
    when(mockClient.listRoles(expectedRequest)).thenReturn(stubbedResult);

    final List<Principal> suggestions = partiallyMockedPrincipalAutoSuggestion.autoSuggestion("fOOb");

    assertEquals(suggestions.size(), 3);
    assertEquals(suggestions.get(0).name, "foobar");
    assertEquals(suggestions.get(1).name, "FOOBAR");
    assertEquals(suggestions.get(2).name, "FooBar");
}
/**
 * Runs the cross-account IAM policy job against mocked collaborators and
 * expects exactly one violation of type {@code CROSS_ACCOUNT_ROLE} to be
 * written to the violation sink.
 */
@Test
public void testCheck() throws Exception {
    // Stub the collaborators the job consults while it runs.
    when(accountIdSupplierMock.get()).thenReturn(newHashSet(ACCOUNT_ID));
    when(jobsPropertiesMock.getManagementAccount()).thenReturn(MANAGEMENT_ACCOUNT);
    when(mockAmazonIdentityManagementClient.listRoles(any(ListRolesRequest.class)))
            .thenReturn(mockListRolesResult);

    final JobExceptionHandler exceptionHandler = mock(JobExceptionHandler.class);
    final CrossAccountPolicyForIAMJob job = new CrossAccountPolicyForIAMJob(
            violationSinkMock,
            clientProviderMock,
            accountIdSupplierMock,
            jobsPropertiesMock,
            exceptionHandler);

    job.run();

    // The job must resolve the accounts, obtain a client and list the roles ...
    verify(accountIdSupplierMock).get();
    verify(clientProviderMock).getClient(any(), any(String.class), any(Region.class));
    verify(mockAmazonIdentityManagementClient).listRoles(any(ListRolesRequest.class));
    verify(jobsPropertiesMock, atLeastOnce()).getManagementAccount();
    // ... and report the cross-account role exactly once.
    verify(violationSinkMock, times(1)).put(argThat(ViolationMatchers.hasType(CROSS_ACCOUNT_ROLE)));
}
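/**
 * Suggests up to five IAM roles whose name contains the given search term,
 * ignoring case.
 *
 * <p>The role listing is followed across pages: a single {@code listRoles}
 * response may be truncated, and reading only the first response would hide
 * matching roles from the suggestions. Paging stops as soon as five matches
 * have been collected or the listing is exhausted.
 *
 * @param name the search term; terms that are {@code null} or shorter than
 *             three characters yield no suggestions and do not call IAM
 * @return a list of at most five {@code ROLE} principals, in listing order;
 *         never {@code null}
 */
public List<Principal> autoSuggestion(final String name) {
    if (name == null || name.length() < 3) {
        return new ArrayList<>();
    }

    final int maxSuggestions = 5;
    // Locale.ROOT keeps the comparison independent of the JVM's default locale
    // (for example, the Turkish locale lower-cases "I" to a dotless "ı").
    final String needle = name.toLowerCase(java.util.Locale.ROOT);
    final List<Principal> suggestions = new ArrayList<>();

    String marker = null;
    do {
        // A fresh request per page; the first one carries no marker.
        final ListRolesResult page =
                client.listRoles(new ListRolesRequest().withMaxItems(1000).withMarker(marker));

        final int remaining = maxSuggestions - suggestions.size();
        suggestions.addAll(page.getRoles().stream()
                .filter(role -> role.getRoleName().toLowerCase(java.util.Locale.ROOT).contains(needle))
                .limit(remaining)
                .map(role -> new Principal(PrincipalType.ROLE, role.getRoleName()))
                .collect(Collectors.toList()));

        // Only continue when IAM reports more results and supplies a marker.
        marker = Boolean.TRUE.equals(page.getIsTruncated()) ? page.getMarker() : null;
    } while (marker != null && suggestions.size() < maxSuggestions);

    return suggestions;
}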
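/**
 * Deletes IAM policies and roles left behind by earlier test runs.
 *
 * <p>A policy is removed when it lives under {@code IAMPolicyManager.PATH_PREFIX},
 * its name starts with {@code testResourcePrefix} and it was created before
 * {@code createdBeforeThreshold}. A role is removed when it lives under
 * {@code IAMHelper.PATH}, its name starts with
 * {@code AssumedRoleTestContext.ROLE_PREFIX} and it was created before the
 * same threshold.
 *
 * <p>Both listings are read to the end before anything is deleted, so stale
 * resources beyond the first response page are cleaned up as well.
 *
 * @param testRegion             region the IAM client is built for
 * @param testResourcePrefix     name prefix identifying policies created by the tests
 * @param createdBeforeThreshold only resources created before this instant are deleted
 * @param awsCredentials         credentials used for all IAM calls
 */
private static void cleanUpIAM(Regions testRegion, String testResourcePrefix, Date createdBeforeThreshold,
        AWSCredentialsProvider awsCredentials) {
    AmazonIdentityManagement iamClient = AmazonIdentityManagementClientBuilder.standard()
            .withCredentials(awsCredentials)
            .withRegion(testRegion)
            .build();
    IAMPolicyManager iamPolicyManager =
            IAMPolicyManager.fromCredentials(awsCredentials, new ClientConfiguration());

    LOG.info("Cleaning IAM policies...");
    // Collect every page first; a truncated listing would leave old test policies in the account.
    List<Policy> policies = new java.util.ArrayList<>();
    String policyMarker = null;
    do {
        com.amazonaws.services.identitymanagement.model.ListPoliciesResult policyPage =
                iamClient.listPolicies(new ListPoliciesRequest()
                        .withPathPrefix(IAMPolicyManager.PATH_PREFIX)
                        .withMarker(policyMarker));
        policies.addAll(policyPage.getPolicies());
        policyMarker = Boolean.TRUE.equals(policyPage.getIsTruncated()) ? policyPage.getMarker() : null;
    } while (policyMarker != null);

    // NOTE(review): an empty testResourcePrefix matches every policy under the path prefix;
    // callers are presumably expected to pass a non-empty prefix. Confirm.
    for (Policy policy : policies) {
        if (policy.getPolicyName().startsWith(testResourcePrefix)
                && policy.getCreateDate().before(createdBeforeThreshold)) {
            LOG.info("Cleaning up policy: " + policy.getPolicyName());
            // Principals are detached before the policy itself is deleted.
            IAMPolicyName iamPolicyName = IAMPolicyName.fromString(policy.getPolicyName());
            iamPolicyManager.detachAllPrincipals(iamPolicyName.group);
            iamClient.deletePolicy(new DeletePolicyRequest().withPolicyArn(policy.getArn()));
        }
    }

    LOG.info("Cleaning IAM roles created for the assume role tests...");
    List<Role> roles = new java.util.ArrayList<>();
    String roleMarker = null;
    do {
        com.amazonaws.services.identitymanagement.model.ListRolesResult rolePage =
                iamClient.listRoles(new ListRolesRequest()
                        .withPathPrefix(IAMHelper.PATH)
                        .withMarker(roleMarker));
        roles.addAll(rolePage.getRoles());
        roleMarker = Boolean.TRUE.equals(rolePage.getIsTruncated()) ? rolePage.getMarker() : null;
    } while (roleMarker != null);

    for (Role role : roles) {
        if (role.getRoleName().startsWith(AssumedRoleTestContext.ROLE_PREFIX)
                && role.getCreateDate().before(createdBeforeThreshold)) {
            LOG.info("Cleaning up role: " + role.getRoleName());
            iamClient.deleteRole(new DeleteRoleRequest().withRoleName(role.getRoleName()));
        }
    }
}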
/**
 * Verifies that a search term shorter than three characters yields no
 * suggestions and does not trigger the role listing.
 */
@Test
public void testAutoSuggestionShortName() throws Exception {
    // Won't call the list method if less than 3 chars.
    // NOTE(review): the verification below only rules out a call with this exact
    // request; a call with a differently configured request would go unnoticed.
    final ListRolesRequest unexpectedRequest = new ListRolesRequest().withMaxItems(1000);

    final List<Principal> suggestions = partiallyMockedPrincipalAutoSuggestion.autoSuggestion("fo");

    assertTrue(suggestions.isEmpty());
    verify(mockClient, never()).listRoles(unexpectedRequest);
}
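/**
 * Lists the IAM roles of the given account and converts them into resources.
 *
 * <p>The listing is followed across pages until IAM reports that it is no
 * longer truncated. Reading only the first response would leave roles out of
 * the result without any error.
 *
 * @param account the account whose roles are listed; also selects the IAM client
 * @param dt      timestamp handed to the converter together with the roles
 * @return the converted roles, as produced by {@code converter.toIamRoles}
 */
@Override
public List<AbstractResource<?>> listRoles(Account account, DateTime dt) {
    AmazonIdentityManagement iam = findClient(account);
    log.debug("start list roles for account:{} via api", account.getId() + "=>" + account.getName());

    List<com.amazonaws.services.identitymanagement.model.Role> roles = new java.util.ArrayList<>();
    String marker = null;
    do {
        // The first request carries no marker; later ones resume where the previous page ended.
        ListRolesResult res = iam.listRoles(new ListRolesRequest().withMarker(marker));
        roles.addAll(res.getRoles());
        marker = Boolean.TRUE.equals(res.getIsTruncated()) ? res.getMarker() : null;
    } while (marker != null);

    return converter.toIamRoles(roles, account.getId(), dt);
}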
/**
 * Retrieves the Roles collection without a request object by delegating to
 * {@link #getRoles(ListRolesRequest)} with {@code null}.
 */
@Override
public RoleCollection getRoles() {
    // A typed null selects the ListRolesRequest overload.
    final ListRolesRequest noRequest = null;
    return getRoles(noRequest);
}
/**
 * Retrieves the "Roles" collection from the underlying service and wraps it.
 *
 * @param request the request passed through to the service lookup
 * @return the wrapped collection, or {@code null} when the service returns none
 */
@Override
public RoleCollection getRoles(ListRolesRequest request) {
    final ResourceCollectionImpl roles = service.getCollection("Roles", request);
    return roles == null ? null : new RoleCollectionImpl(roles);
}
/**
 * Retrieves the Roles collection referenced by this resource.
 *
 * <p>NOTE(review): this declaration does not state whether {@code request}
 * may be {@code null} or whether {@code null} can be returned; confirm
 * against the implementation before relying on either.
 *
 * @param request the list request to apply when retrieving the roles
 * @return the Roles collection
 */
RoleCollection getRoles(ListRolesRequest request);