def test_mfacredentialfetcher__durationseconds_can_be_provided(
future_time, source_credentials):
response = {
'Credentials': {
'AccessKeyId': 'foo',
'SecretAccessKey': 'bar',
'SessionToken': 'baz',
'Expiration': future_time.isoformat(),
},
}
client_creator = create_client_creator(with_response=response)
refresher = awscli_plugin.MfaCredentialFetcher(
client_creator,
source_credentials,
extra_args={
'SerialNumber':
'arn:aws:iam::123456789012:mfa/[email protected]',
'DurationSeconds': 1234,
},
mfa_prompter=prompter,
)
refresher.fetch_credentials()
client = client_creator.return_value
assert client.get_session_token.call_args_list == [
mock.call(
SerialNumber='arn:aws:iam::123456789012:mfa/[email protected]',
DurationSeconds=1234,
TokenCode='123456',
),
]
def test_mfacredentialfetcher__retrieves_from_cache(source_credentials):
date_in_future = datetime.utcnow() + timedelta(seconds=1000)
utc_timestamp = date_in_future.isoformat() + 'Z'
cache_key = 'fd031790cd3ad1181b0ebf9d7dfafdba7e760414'
cache = {
cache_key: {
'Credentials': {
'AccessKeyId': 'foo-cached',
'SecretAccessKey': 'bar-cached',
'SessionToken': 'baz-cached',
'Expiration': utc_timestamp,
},
},
}
client_creator = mock.Mock()
refresher = awscli_plugin.MfaCredentialFetcher(
client_creator,
source_credentials,
extra_args={
'SerialNumber':
'arn:aws:iam::123456789012:mfa/[email protected]'
},
mfa_prompter=prompter,
cache=cache,
)
expected_response = get_expected_creds_from_response(cache[cache_key])
response = refresher.fetch_credentials()
assert response == expected_response
assert client_creator.call_args_list == []
def test_mfacredentialfetcher__cache_key_is_windows_safe(
future_time, source_credentials):
response = {
'Credentials': {
'AccessKeyId': 'foo',
'SecretAccessKey': 'bar',
'SessionToken': 'baz',
'Expiration': future_time.isoformat(),
},
}
cache = {}
client_creator = create_client_creator(with_response=response)
refresher = awscli_plugin.MfaCredentialFetcher(
client_creator,
source_credentials,
extra_args={
'SerialNumber':
'arn:aws:iam::123456789012:mfa/[email protected]'
},
mfa_prompter=prompter,
cache=cache,
)
refresher.fetch_credentials()
# On windows, you cannot use a a ':' in the filename, so
# we need to make sure that it doesn't make it into the cache key.
cache_key = 'fd031790cd3ad1181b0ebf9d7dfafdba7e760414'
assert cache_key in cache
assert cache[cache_key] == response
def test_mfacredentialfetcher__in_cache_but_expired(future_time,
source_credentials):
response = {
'Credentials': {
'AccessKeyId': 'foo',
'SecretAccessKey': 'bar',
'SessionToken': 'baz',
'Expiration': future_time.isoformat(),
},
}
client_creator = create_client_creator(with_response=response)
cache_key = 'fd031790cd3ad1181b0ebf9d7dfafdba7e760414'
cache = {
cache_key: {
'Credentials': {
'AccessKeyId': 'foo',
'SecretAccessKey': 'bar',
'SessionToken': 'baz',
'Expiration': datetime.now(tzlocal()),
},
},
}
refresher = awscli_plugin.MfaCredentialFetcher(
client_creator,
source_credentials,
extra_args={
'SerialNumber':
'arn:aws:iam::123456789012:mfa/[email protected]'
},
mfa_prompter=prompter,
cache=cache,
)
expected_response = get_expected_creds_from_response(response)
response = refresher.fetch_credentials()
assert response == expected_response
def test_mfacredentialfetcher__datetime(future_time, source_credentials):
response = {
'Credentials': {
'AccessKeyId': 'foo',
'SecretAccessKey': 'bar',
'SessionToken': 'baz',
'Expiration': future_time, # NOTE: no isoformat()
},
}
client_creator = create_client_creator(with_response=response)
refresher = awscli_plugin.MfaCredentialFetcher(
client_creator,
source_credentials,
extra_args={
'SerialNumber':
'arn:aws:iam::123456789012:mfa/[email protected]'
},
mfa_prompter=prompter,
)
expected_response = get_expected_creds_from_response(response)
response = refresher.fetch_credentials()
assert response == expected_response