adding tests; currently broken

Author: aengelas

stacker_blueprints/iam_roles.py

@@ -228,26 +228,22 @@ def create_template(self):
 
         self.create_policy()
 
-class IAMRole(RoleBaseBlueprint):
+
+class IAMRole(Blueprint):
     """
     Blueprint to create an IAM role.
 
     - class_path: stacker_blueprints.iam_roles.IAMRole
       name: my-role
         variables:
-          AttachedPolicies:
-          - arn:aws:iam::aws:policy/CloudWatchLogsFullAccess
           Name: myRole
           Path: /
+          AttachedPolicies:
+            - arn:aws:iam::aws:policy/CloudWatchLogsFullAccess
           AssumeRole:
-            - arn:aws:user/alphonse
+            - arn:aws:iam::123456789012:user/JohnDoe
     """
     VARIABLES = {
-        "AttachedPolicies": {
-            "type": list,
-            "description": "List of ARNs of policies to attach",
-            "default": [],
-        },
         "Name": {
             "type": str,
             "description": "The name of the role",
@@ -258,37 +254,43 @@ class IAMRole(RoleBaseBlueprint):
             "description": "Provide the path",
             "default": "/",
         },
+        "AttachedPolicies": {
+            "type": list,
+            "description": "List of ARNs of policies to attach",
+            "default": [],
+        },
         "AssumeRole": {
             "type": list,
             "description": "List of ARNs of entities allowed to assume this role",
             "default": [],
         },
     }
 
-    def create_role(self, name, assumerole_policy):
+    def create_template(self):
         variables = self.get_variables()
 
-        role = t.add_resource(
+        ar_policy = iam.Policy(
+            Statement=[
+                iam.Statement(
+                    Effect='Allow',
+                    Principal=p,
+                ) for p in variables['AssumeRole']
+            ]
+        )
+
+        role = self.template.add_resource(
             iam.Role(
-                name,
+                variables['Name'],
                 Path=variables['Path'],
-                AssumeRolePolicyDocument=assumerole_policy,
                 ManagedPolicyArns=variables['AttachedPolicies'],
+                AssumeRolePolicyDocument=ar_policy,
             )
         )
 
-        t.add_output(
+        self.template.add_output(
             Output(name + "RoleName", Value=Ref(role))
         )
 
-        t.add_output(
+        self.template.add_output(
             Output(name + "RoleArn", Value=GetAtt(role.title, "Arn"))
         )
-
-        self.roles.append(role)
-        return role
-
-    def create_template(self):
-        variables = self.get_variables()
-        self.create_ec2_role(variables["Name"])
-        self.create_policy(variables["Name"])

tests/test_iam_roles.py

@@ -88,3 +88,31 @@ def test_role_name(self):
         blueprint.resolve_variables(self.generate_variables())
         blueprint.create_template()
         self.assertRenderedBlueprint(blueprint)
+
+
+class TestIamRoleBlueprint(TestIamRolesCommon):
+
+    def test_role(self):
+        self.common_variables = {
+            'AttachedPolicies': [
+                'arn:aws:iam::aws:policy/CloudWatchLogsFullAccess'
+            ],
+            'Path': '/',
+        }
+        blueprint = self.create_blueprint('test_iam_roles_ec2_role', class_name=iam_roles.IAMRole)
+        blueprint.resolve_variables(self.generate_variables())
+        blueprint.create_template()
+        self.assertRenderedBlueprint(blueprint)
+
+    def test_role_name(self):
+        self.common_variables = {
+            'AttachedPolicies': [
+                'arn:aws:iam::aws:policy/CloudWatchLogsFullAccess'
+            ],
+            'Name': 'myRole',
+            'Path': '/',
+        }
+        blueprint = self.create_blueprint('test_iam_roles_ec2_role_name', class_name=iam_roles.IAMRole)
+        blueprint.resolve_variables(self.generate_variables())
+        blueprint.create_template()
+        self.assertRenderedBlueprint(blueprint)