mirror of
https://github.com/awslabs/iam-policy-autopilot.git
synced 2026-04-25 16:05:58 +03:00
[GH-ISSUE #71] Test exhaustively by creating test input files from SDK model #145
Originally created by @mschlaipfer on GitHub (Dec 11, 2025).
Original GitHub issue: https://github.com/awslabs/iam-policy-autopilot/issues/71
To test extraction exhaustively we should generate input files from the SDK model underlying the extractor to check that we extract all methods.
I.e., for all operations: get the operation in the botocore model, generate a Python, Go, etc. file that sets up the call, including all required inputs, and import statements (if applicable depending on the language), and checks that after extraction we have the expected operation in the `SdkMethodCall`.
As an improvement, we can look up the `AuthorizedActions` in the service reference for the operation we are testing to check that the final policy contains all the expected actions given an initial operation. If we had had this, this would have prevented https://github.com/awslabs/iam-policy-autopilot/issues/66
@mschlaipfer commented on GitHub (Dec 11, 2025):
Even a simpler version, just starting from enrichment using the method names (i.e., `snake_case(SdkModelOperationName)` for Python and `SdkModelOperationName` for other languages) and checking that the policy has all authorized actions would have been sufficient to prevent https://github.com/awslabs/iam-policy-autopilot/issues/66.
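
One way to do the generation step described in this issue, for Python inputs only, as an added example that is not code from the iam-policy-autopilot project: it walks a model, emits one call per operation with its required inputs, and returns the method name the extractor is expected to report. The model fragment is constructed in the botocore model layout, and `snake_case`, `generate_python_case` and `generate_all` are hypothetical names.

```python
import json
import re

# Constructed fragment in the layout of a botocore service model; not real model data.
MODEL = json.loads("""{
  "operations": {
    "GetObject":     {"input": {"shape": "GetObjectRequest"}},
    "ListObjectsV2": {"input": {"shape": "ListObjectsV2Request"}},
    "ListBuckets":   {}
  },
  "shapes": {
    "GetObjectRequest": {"type": "structure", "required": ["Bucket", "Key"],
      "members": {"Bucket": {"shape": "Str"}, "Key": {"shape": "Str"},
                  "PartNumber": {"shape": "Int"}}},
    "ListObjectsV2Request": {"type": "structure", "required": ["Bucket"],
      "members": {"Bucket": {"shape": "Str"}, "MaxKeys": {"shape": "Int"}}},
    "Str": {"type": "string"}, "Int": {"type": "integer"}
  }
}""")

# Placeholder literal per shape type; only required members are emitted.
PLACEHOLDER = {"string": '"x"', "integer": "1", "long": "1", "boolean": "True",
               "list": "[]", "map": "{}", "structure": "{}", "blob": 'b"x"'}

def snake_case(op_name):
    """Simplified CamelCase -> snake_case; botocore's xform_name has more special cases."""
    s = re.sub(r"(.)([A-Z][a-z]+)", r"\1_\2", op_name)
    return re.sub(r"([a-z0-9])([A-Z])", r"\1_\2", s).lower()

def generate_python_case(service, op_name, model):
    """Return (source, expected_method) for one operation of the model."""
    shapes = model["shapes"]
    shape = shapes.get(model["operations"][op_name].get("input", {}).get("shape"), {})
    args = []
    for member in shape.get("required", []):
        member_type = shapes[shape["members"][member]["shape"]]["type"]
        args.append(f"{member}={PLACEHOLDER[member_type]}")
    method = snake_case(op_name)
    source = (f"import boto3\n\nclient = boto3.client({service!r})\n"
              f"client.{method}({', '.join(args)})\n")
    compile(source, f"<{op_name}>", "exec")  # generated input must at least parse
    return source, method

def generate_all(service, model):  # one test input per operation, keyed by name
    return {op: generate_python_case(service, op, model) for op in model["operations"]}

if __name__ == "__main__":
    for op, (src, expected) in generate_all("s3", MODEL).items():
        print(f"# {op}: extractor should report {expected}\n{src}")
```

Feeding each generated source to the extractor and comparing its reported method with the returned name, and then the policy with the operation's `AuthorizedActions`, is left to the project's own test harness.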