From d20a9df1f060b57c57e6b472469de973b7407d71 Mon Sep 17 00:00:00 2001 From: Alec Rajeev Date: Mon, 18 Feb 2019 22:18:26 -0600 Subject: [PATCH] Added unit test for service role that exists (#704) --- stacker/tests/hooks/test_iam.py | 32 ++++++++++++++++++++++++++++++-- 1 file changed, 30 insertions(+), 2 deletions(-) diff --git a/stacker/tests/hooks/test_iam.py b/stacker/tests/hooks/test_iam.py index 1db390ab8..d194f4f06 100644 --- a/stacker/tests/hooks/test_iam.py +++ b/stacker/tests/hooks/test_iam.py @@ -13,6 +13,8 @@ _get_cert_arn_from_response, ) +from awacs.helpers.trust import get_ecs_assumerole_policy + from ..factories import ( mock_context, mock_provider, @@ -22,8 +24,8 @@ REGION = "us-east-1" # No test for stacker.hooks.iam.ensure_server_cert_exists until -# this PR is accepted in moto: -# https://github.com/spulec/moto/pull/679 +# updated version of moto is imported +# (https://github.com/spulec/moto/pull/679) merged class TestIAMHooks(unittest.TestCase): @@ -71,3 +73,29 @@ def test_create_service_role(self): RoleName=role_name, PolicyName=policy_name ) + + def test_create_service_role_already_exists(self): + role_name = "ecsServiceRole" + policy_name = "AmazonEC2ContainerServiceRolePolicy" + with mock_iam(): + client = boto3.client("iam", region_name=REGION) + client.create_role( + RoleName=role_name, + AssumeRolePolicyDocument=get_ecs_assumerole_policy().to_json() + ) + + self.assertTrue( + create_ecs_service_role( + context=self.context, + provider=self.provider, + ) + ) + + role = client.get_role(RoleName=role_name) + + self.assertIn("Role", role) + self.assertEqual(role_name, role["Role"]["RoleName"]) + client.get_role_policy( + RoleName=role_name, + PolicyName=policy_name + )