Implement ApplicationPolicy class and add unit tests (#6)

* Implement ApplicationPolicy class and add unit tests

Author: paoptu023

serverlessrepo/application_policy.py

@@ -1,34 +1,68 @@
+import re
+
+from .exceptions import InvalidApplicationPolicyError
+
+
 class ApplicationPolicy(object):
     """
     Class representing SAR application policy
     """
 
     # Supported actions for setting SAR application permissions
     GET_APPLICATION = 'GetApplication'
+    LIST_APPLICATION_DEPENDENCIES = 'ListApplicationDependencies'
     CREATE_CLOUD_FORMATION_CHANGE_SET = 'CreateCloudFormationChangeSet'
     CREATE_CLOUD_FORMATION_TEMPLATE = 'CreateCloudFormationTemplate'
     LIST_APPLICATION_VERSIONS = 'ListApplicationVersions'
     SEARCH_APPLICATIONS = 'SearchApplications'
     DEPLOY = 'Deploy'
 
+    SUPPORTED_ACTIONS = [
+        GET_APPLICATION,
+        LIST_APPLICATION_DEPENDENCIES,
+        CREATE_CLOUD_FORMATION_CHANGE_SET,
+        CREATE_CLOUD_FORMATION_TEMPLATE,
+        LIST_APPLICATION_VERSIONS,
+        SEARCH_APPLICATIONS,
+        DEPLOY
+    ]
+
+    _PRINCIPAL_PATTERN = re.compile(r'^([0-9]{12}|\*)$')
+
     def __init__(self, principals, actions):
         """
         Initializes the object given the principals and actions
 
-        :param principals: Comma-separated list of AWS account IDs, or *
-        :type principals: str
-        :param actions: Comma-separated list of actions supported by SAR
-        :type actions: str
+        :param principals: List of AWS account IDs, or *
+        :type principals: list of str
+        :param actions: List of actions supported by SAR
+        :type actions: list of str
         """
         self.principals = principals
         self.actions = actions
 
-    def is_valid(self):
+    def validate(self):
         """
         Checks if the formats of principals and actions are valid
 
         :return: True, if the policy is valid
+        :raises: InvalidApplicationPolicyError
         """
+        if not self.principals:
+            raise InvalidApplicationPolicyError(error_message='principals not provided')
+
+        if not self.actions:
+            raise InvalidApplicationPolicyError(error_message='actions not provided')
+
+        if any(not self._PRINCIPAL_PATTERN.match(p) for p in self.principals):
+            raise InvalidApplicationPolicyError(
+                error_message='principal should be 12-digit accountId or "*"')
+
+        unsupported_actions = sorted(set(self.actions) - set(self.SUPPORTED_ACTIONS))
+        if len(unsupported_actions):
+            raise InvalidApplicationPolicyError(
+                error_message='{} not supported'.format(', '.join(unsupported_actions)))
+
         return True
 
     def to_statement(self):
@@ -38,4 +72,7 @@ def to_statement(self):
         :return: Dictionary containing Actions and Principals
         :rtype: dict
         """
-        pass
+        return {
+            'Principals': self.principals,
+            'Actions': self.actions
+        }

serverlessrepo/exceptions.py

@@ -23,3 +23,10 @@ class ApplicationMetadataNotFoundError(ServerlessRepoError):
     Raised when application metadata is not found
     """
     MESSAGE = "Application metadata not found in the SAM template: '{error_message}'"
+
+
+class InvalidApplicationPolicyError(ServerlessRepoError):
+    """
+    Raised when invalid application policy is provided
+    """
+    MESSAGE = "Invalid application policy: '{error_message}'"

tests/unit/test_application_policy.py

@@ -0,0 +1,62 @@
+from unittest import TestCase
+
+from serverlessrepo.application_policy import ApplicationPolicy
+from serverlessrepo.exceptions import InvalidApplicationPolicyError
+
+
+class TestApplicationPolicy(TestCase):
+
+    def test_init(self):
+        app_policy = ApplicationPolicy(['1', '2'], ['a', 'b'])
+        self.assertEqual(app_policy.principals, ['1', '2'])
+        self.assertEqual(app_policy.actions, ['a', 'b'])
+
+    def test_valid_principals_actions(self):
+        principals = ['123456789011', '*']
+        actions = [ApplicationPolicy.DEPLOY, ApplicationPolicy.GET_APPLICATION]
+        app_policy = ApplicationPolicy(principals, actions)
+        self.assertTrue(app_policy.validate())
+
+    def test_empty_principals(self):
+        app_policy = ApplicationPolicy([], [ApplicationPolicy.DEPLOY])
+        with self.assertRaises(InvalidApplicationPolicyError) as context:
+            app_policy.validate()
+
+        message = str(context.exception)
+        expected = 'principals not provided'
+        self.assertTrue(expected in message)
+
+    def test_not_12_digits_principals(self):
+        app_policy = ApplicationPolicy(['123'], [ApplicationPolicy.DEPLOY])
+        with self.assertRaises(InvalidApplicationPolicyError) as context:
+            app_policy.validate()
+
+        message = str(context.exception)
+        expected = 'principal should be 12-digit number or "*"'
+        self.assertTrue(expected in message)
+
+    def test_empty_actions(self):
+        app_policy = ApplicationPolicy(['123456789012'], [])
+        with self.assertRaises(InvalidApplicationPolicyError) as context:
+            app_policy.validate()
+
+        message = str(context.exception)
+        expected = 'actions not provided'
+        self.assertTrue(expected in message)
+
+    def test_not_supported_actions(self):
+        app_policy = ApplicationPolicy(['123456789012'], ['RandomActionA', 'RandomActionB'])
+        with self.assertRaises(InvalidApplicationPolicyError) as context:
+            app_policy.validate()
+
+        message = str(context.exception)
+        expected = 'RandomActionA, RandomActionB not supported'
+        self.assertTrue(expected in message)
+
+    def test_to_statement(self):
+        app_policy = ApplicationPolicy(['1', '2'], ['actionA', 'actionB'])
+        expected_statement = {
+            'Principals': ['1', '2'],
+            'Actions': ['actionA', 'actionB']
+        }
+        self.assertEqual(app_policy.to_statement(), expected_statement)