github.com/mweagle/Sparta@v1.15.0/aws/iam/builder/build_test.go

github.com/mweagle/Sparta@v1.15.0/aws/iam/builder/build_test.go (about)

     1  package iambuilder
     2  
     3  import (
     4  	"encoding/json"
     5  	"fmt"
     6  	"io/ioutil"
     7  	"reflect"
     8  	"testing"
     9  
    10  	sparta "github.com/mweagle/Sparta"
    11  )
    12  
    13  // Set of iamBuilders whose output is required to match the corresponding
    14  // test{N}.json file in the same directory
    15  var iamBuilders = []sparta.IAMRolePrivilege{
    16  	Allow("ssm:GetParameter").
    17  		ForResource().
    18  		Literal("arn:aws:ssm:").
    19  		Region(":").
    20  		AccountID(":").
    21  		Literal("parameter/SpartaHelloWorld-Discovery").
    22  		ToPrivilege(),
    23  	Allow("ssm:GetParameter").
    24  		ForResource().
    25  		Literal("arn:aws:ssm:").
    26  		Region().
    27  		AccountID().
    28  		Literal("parameter/SpartaHelloWorld-Discovery").
    29  		ToPrivilege(),
    30  	Allow("sts:AssumeRole").
    31  		ForPrincipals("ecs-tasks.amazonaws.com").
    32  		ToPrivilege(),
    33  }
    34  
    35  func ExampleIAMResourceBuilder_ssm() {
    36  	Allow("ssm:GetParameter").ForResource().
    37  		Literal("arn:aws:ssm:").
    38  		Region(":").
    39  		AccountID(":").
    40  		Literal("parameter/SpartaHelloWorld-Discovery").
    41  		ToPrivilege()
    42  }
    43  
    44  func ExampleIAMResourceBuilder_s3() {
    45  	Allow("s3:GetObject").ForResource().
    46  		Literal("arn:aws:s3:::").
    47  		Ref("MyDynamicS3Bucket").
    48  		Literal("/*").
    49  		ToPrivilege()
    50  }
    51  
    52  func ExampleIAMResourceBuilder_lambdaarn() {
    53  	Allow("s3:GetObject").ForResource().
    54  		Literal("arn:aws:s3:::").
    55  		Ref("MyDynamicS3Bucket").
    56  		Literal("/*").
    57  		ToPrivilege()
    58  }
    59  
    60  func TestIAMBuilder(t *testing.T) {
    61  	for eachIndex, eachBuilder := range iamBuilders {
    62  		testFile := fmt.Sprintf("test%d.json", eachIndex)
    63  		readFile, readFileErr := ioutil.ReadFile(testFile)
    64  		if readFileErr != nil {
    65  			t.Fatalf("Failed to read file: %s", testFile)
    66  		}
    67  		builderJSON, builderJSONErr := json.Marshal(eachBuilder)
    68  		if builderJSONErr != nil {
    69  			t.Fatalf("Failed to marshal JSON : %s", builderJSONErr)
    70  		}
    71  		var expected map[string]interface{}
    72  		expectedUnmarshalErr := json.Unmarshal(readFile, &expected)
    73  		if expectedUnmarshalErr != nil {
    74  			t.Fatalf("Failed to unmarshal JSON : %s", expectedUnmarshalErr)
    75  		}
    76  		var generated map[string]interface{}
    77  		decodedUnmarshalErr := json.Unmarshal(builderJSON, &generated)
    78  		if decodedUnmarshalErr != nil {
    79  			t.Fatalf("Failed to unmarshal JSON : %s", decodedUnmarshalErr)
    80  		}
    81  		equal := reflect.DeepEqual(expected, generated)
    82  		if !equal {
    83  			t.Fatalf("Failed to verify output for test: %d\nGENERATED:%#v\nEXPECTED: %#v",
    84  				eachIndex,
    85  				generated,
    86  				expected)
    87  		}
    88  	}
    89  }