fixing failing testcases

saikirankv · saikirankv · commit dc5c77375a1b · 2020-11-18T21:00:04.000+05:30
diff --git a/policy_sentry/util/arns.py b/policy_sentry/util/arns.py
@@ -109,7 +109,6 @@ def same_resource_type(self, arn_in_database):
 
         lower_resource_string = list(map(lambda x:x.lower(),split_resource_string_to_test))
         for i in non_empty_arn_format_list:
-            # if i.lower() in [x.lower() for x in split_resource_string_to_test]:
             if i.lower() not in lower_resource_string:
                 return False
 
@@ -130,20 +129,20 @@ def same_resource_type(self, arn_in_database):
 
         # 4. Special type for S3 bucket objects and CodeCommit repos
         # Note: Each service can only have one of these, so these are definitely exceptions
-        exclusion_list = ["${ObjectName}", "${RepositoryName}", "${BucketName}", "table/${TableName}"]
+        exclusion_list = ["${ObjectName}", "${RepositoryName}", "${BucketName}", "table/${TableName}", "${BucketName}/${ObjectName}"]
         resource_path_arn_in_database = elements[5]
         if resource_path_arn_in_database in exclusion_list:
             logger.debug("Special type: %s", resource_path_arn_in_database)
             # handling special case table/${TableName}
-            if resource_string_arn_in_database == "table/${TableName}":
+            if resource_string_arn_in_database in ["table/${TableName}", "${BucketName}"]:
                 if len(self.resource_string.split('/')) == len(elements[5].split('/')):
                     return True
                 else:
                     return False
             # If we've made it this far, then it is a special type
             # return True
             # Presence of / would mean it's an object in both so it matches
-            if "/" in self.resource_string and "/" in elements[5]:
+            elif "/" in self.resource_string and "/" in elements[5]:
                 return True
             # / not being present in either means it's a bucket in both so it matches
             elif "/" not in self.resource_string and "/" not in elements[5]:
diff --git a/test/files/test_gh_204_multiple_resource_types_wildcards.json b/test/files/test_gh_204_multiple_resource_types_wildcards.json
@@ -117,6 +117,7 @@
             "Effect": "Allow",
             "Action": [
                 "rds:AddRoleToDBCluster",
+                "rds:ApplyPendingMaintenanceAction",
                 "rds:BacktrackDBCluster",
                 "rds:CreateDBCluster",
                 "rds:CreateDBClusterEndpoint",
@@ -361,41 +362,42 @@
             "Effect": "Allow",
             "Action": [
                 "rds:DescribeDBClusterBacktracks",
+                "rds:DescribeDBClusterEndpoints",
                 "rds:DescribeDBClusters",
-                "rds:DescribeDBProxyTargets"
+                "rds:DescribeDBProxyTargets",
+                "rds:DescribePendingMaintenanceActions"
             ],
             "Resource": [
                 "arn:aws:rds:us-east-1:123456789012:*:*"
             ]
         },
         {
-            "Sid": "RdsListClusterpg",
+            "Sid": "RdsListClusterendpoint",
             "Effect": "Allow",
             "Action": [
-                "rds:DescribeDBClusterParameterGroups",
-                "rds:DescribeDBClusterParameters"
+                "rds:DescribeDBClusterEndpoints"
             ],
             "Resource": [
                 "arn:aws:rds:us-east-1:123456789012:*:*"
             ]
         },
         {
-            "Sid": "RdsListClustersnapshot",
+            "Sid": "RdsListClusterpg",
             "Effect": "Allow",
             "Action": [
-                "rds:DescribeDBClusterSnapshotAttributes"
+                "rds:DescribeDBClusterParameterGroups",
+                "rds:DescribeDBClusterParameters"
             ],
             "Resource": [
                 "arn:aws:rds:us-east-1:123456789012:*:*"
             ]
         },
         {
-            "Sid": "RdsListPg",
+            "Sid": "RdsListClustersnapshot",
             "Effect": "Allow",
             "Action": [
-                "rds:DescribeDBEngineVersions",
-                "rds:DescribeDBParameterGroups",
-                "rds:DescribeDBParameters"
+                "rds:DescribeDBClusterSnapshotAttributes",
+                "rds:DescribeDBClusterSnapshots"
             ],
             "Resource": [
                 "arn:aws:rds:us-east-1:123456789012:*:*"
@@ -405,6 +407,8 @@
             "Sid": "RdsListDb",
             "Effect": "Allow",
             "Action": [
+                "rds:DescribeDBInstanceAutomatedBackups",
+                "rds:DescribeDBInstances",
                 "rds:DescribeDBLogFiles",
                 "rds:DescribeDBProxyTargets",
                 "rds:DescribeDBSnapshots",
@@ -415,6 +419,17 @@
                 "arn:aws:rds:us-east-1:123456789012:*:*"
             ]
         },
+        {
+            "Sid": "RdsListPg",
+            "Effect": "Allow",
+            "Action": [
+                "rds:DescribeDBParameterGroups",
+                "rds:DescribeDBParameters"
+            ],
+            "Resource": [
+                "arn:aws:rds:us-east-1:123456789012:*:*"
+            ]
+        },
         {
             "Sid": "RdsListProxy",
             "Effect": "Allow",
@@ -478,6 +493,16 @@
                 "arn:aws:rds:us-east-1:123456789012:*:*"
             ]
         },
+        {
+            "Sid": "RdsListGlobalcluster",
+            "Effect": "Allow",
+            "Action": [
+                "rds:DescribeGlobalClusters"
+            ],
+            "Resource": [
+                "arn:aws:rds:us-east-1:123456789012:*:*"
+            ]
+        },
         {
             "Sid": "RdsListOg",
             "Effect": "Allow",
