IAM_ROLE_NOT_USED #5
Conversation
Initial Push for IAM_ROLE_NOT_USED
|
Re-open IAM_ROLE_NOT_USED |
| "SourceRuntime": "python3.6-lib", | ||
| "CodeKey": "IAM_ROLE_NOT_USED.zip", | ||
| "InputParameters": "{\"DaysBeforeUnused\": 90}", | ||
| "OptionalParameters": "{}", |
There was a problem hiding this comment.
I meant:
"OptionalParameters": "{\"DaysBeforeUnused\": \"\"}",
|
|
||
|
|
||
| import json | ||
|
|
| import json | ||
|
|
||
| from datetime import datetime, timezone | ||
|
|
| from datetime import datetime, timezone | ||
|
|
||
| from rdklib import Evaluator, Evaluation, ConfigRule, ComplianceType, InvalidParametersError | ||
|
|
| RESOURCE_TYPE = 'AWS::IAM::Role' | ||
| PAGE_SIZE = 20 | ||
| DEFAULT_DAYS = 90 | ||
|
|
| return evaluations | ||
|
|
||
| def evaluate_parameters(self, rule_parameters): | ||
| if 'DaysBeforeUnused' not in rule_parameters: |
There was a problem hiding this comment.
No, you stated it is optional. You should not make it mandatory.
| else: | ||
| evaluations.append(Evaluation(ComplianceType.NON_COMPLIANT, | ||
| username, RESOURCE_TYPE, | ||
| annotation="Ensure that no AWS IAM Role is unused and make an action if unused (e.g. delete the user).")) |
There was a problem hiding this comment.
Annotation should be focusing on explaning the situation, to help on resolution.
"This AWS IAM Role has not been used within the last {} day(s)".format(_rule_param_)
| @patch.object(CLIENT_FACTORY, 'build_client', MagicMock(side_effect=mock_get_client)) | ||
| class ComplianceTest(unittest.TestCase): | ||
|
|
||
| def test_compliance(self): |
There was a problem hiding this comment.
need to follow the naming convention.
|
|
||
| def test_compliance(self): | ||
| rule_parameters = {"DaysBeforeUnused": "90"} | ||
| rule_parameters = RULE.evaluate_parameters(rule_parameters) |
There was a problem hiding this comment.
test evaluate parameter separately.
There was a problem hiding this comment.
Added another testcase for evaluating rule parameters
| "SourceRuntime": "python3.6-lib", | ||
| "CodeKey": "IAM_ROLE_NOT_USED.zip", | ||
| "InputParameters": "{\"DaysBeforeUnused\": 90}", | ||
| "OptionalParameters": "{}", |
There was a problem hiding this comment.
I meant:
"OptionalParameters": "{\"DaysBeforeUnused\": \"\"}",
Initial Push for IAM_ROLE_NOT_USED
I confirm these files are made available under CC0 1.0 Universal (https://creativecommons.org/publicdomain/zero/1.0/legalcode)
Issue #, if available:
Description of changes: