Beispiel #1
def test_log_handler_parses_assertion(mock_requests_session, argv, prompter,
                                      client_creator, cache_dir, caplog):
    """Check that ``--verbose`` logs the SAML assertion as pretty-printed XML.

    The HTTP session is stubbed: POST answers with a JSON session token and
    GET answers with an HTML form whose ``SAMLResponse`` field carries the
    base64 assertion. After running ``saml`` the test expects an INFO record
    on the ``awsprocesscreds.saml`` logger holding the decoded assertion.

    NOTE(review): the asserted record contains the complete decoded
    assertion, i.e. the document an identity provider issues for exchange
    into credentials. Log output captured with ``--verbose`` should be
    handled as sensitive for as long as the assertion is valid.
    """
    principal = 'arn:aws:iam::123456789012:saml-provider/Example'
    role = 'arn:aws:iam::123456789012:role/monty'
    encoded = create_assertion(['%s, %s' % (principal, role)])

    # Canned POST reply: the session token serialized as JSON.
    token_body = json.dumps({'sessionToken': 'spam', 'status': 'SUCCESS'})
    mock_requests_session.post.return_value = mock.Mock(
        spec=requests.Response,
        status_code=200,
        text=token_body,
    )

    # Canned GET reply: a form embedding the assertion as a hidden-style input.
    form_html = ('<form><input name="SAMLResponse" value="%s"/></form>'
                 % encoded.decode('ascii'))
    mock_requests_session.get.return_value = mock.Mock(
        spec=requests.Response,
        status_code=200,
        text=form_html,
    )

    argv.append('--verbose')
    saml(
        argv=argv,
        prompter=prompter,
        client_creator=client_creator,
        cache_dir=cache_dir,
    )

    # Rebuild the text the handler is expected to emit: base64 -> XML ->
    # minidom pretty print.
    raw_xml = base64.b64decode(encoded).decode('utf-8')
    pretty_xml = xml.dom.minidom.parseString(raw_xml).toprettyxml()
    message = 'Received the following SAML assertion: \n%s' % pretty_xml
    wanted = ('awsprocesscreds.saml', logging.INFO, message)
    assert wanted in caplog.record_tuples
Beispiel #2
    def test_datetime_cache_is_always_serialized(self, fetcher, cache,
                                                 mock_botocore_client,
                                                 mock_authenticator):
        """Check that a ``datetime`` expiration is cached as an ISO string.

        The stubbed ``assume_role_with_saml`` call returns credentials whose
        ``Expiration`` is a timezone-aware ``datetime``. After fetching, the
        cached entry must hold ``expiration.isoformat()`` rather than the
        ``datetime`` object itself.
        """
        expires_at = datetime.now(tzlocal()) + timedelta(days=1)
        sts_credentials = {
            'AccessKeyId': 'foo',
            'SecretAccessKey': 'bar',
            'SessionToken': 'baz',
            'Expiration': expires_at,
        }
        mock_botocore_client.assume_role_with_saml.return_value = {
            'Credentials': sts_credentials,
        }

        principal = 'arn:aws:iam::123456789012:saml-provider/Example'
        role = 'arn:aws:iam::123456789012:role/monty'
        assertion = create_assertion(['%s, %s' % (principal, role)])
        mock_authenticator.retrieve_saml_assertion.return_value = assertion
        fetcher.fetch_credentials()

        # Fixed key the fetcher is expected to use for this provider/role
        # fixture; how it is derived is not visible in this test.
        entry = cache['0cebd512540a4f5fe2edce26319cf1cf3138684f']
        cached_expiration = entry['Credentials']['Expiration']
        assert not isinstance(cached_expiration, datetime)
        assert cached_expiration == expires_at.isoformat()
Beispiel #3
    def test_cache_key_is_windows_safe(self, fetcher, cache,
                                       mock_authenticator):
        """Check that fetched credentials are cached under the expected key.

        The expected key is 40 hexadecimal characters, so it contains none of
        the ``:`` or ``/`` characters that appear in the ARNs. Presumably it
        is a digest that doubles as a cache file name -- confirm against the
        fetcher implementation.
        """
        principal = 'arn:aws:iam::123456789012:saml-provider/Example'
        role = 'arn:aws:iam::123456789012:role/monty'
        assertion = create_assertion(['%s, %s' % (principal, role)])
        mock_authenticator.retrieve_saml_assertion.return_value = assertion
        fetcher.fetch_credentials()

        expected_key = '0cebd512540a4f5fe2edce26319cf1cf3138684f'
        assert expected_key in cache
Beispiel #4
    def test_arns_stripped(self, fetcher, mock_authenticator):
        """Check that credentials are fetched when the ARN pair has a space.

        The assertion fixture joins provider and role ARN with ``', '``, so
        the role ARN arrives with a leading space. The expected credential
        values are not set up here; presumably they come from the stubbed
        client behind the ``fetcher`` fixture.

        NOTE(review): only the returned credentials are asserted. The ARNs
        actually passed on to the client are not inspected in this test, so
        the stripping is verified indirectly at best.
        """
        principal = 'arn:aws:iam::123456789012:saml-provider/Example'
        role = 'arn:aws:iam::123456789012:role/monty'
        assertion = create_assertion(['%s, %s' % (principal, role)])
        mock_authenticator.retrieve_saml_assertion.return_value = assertion

        fetched = fetcher.fetch_credentials()

        assert fetched['AccessKeyId'] == 'foo'
        assert fetched['SecretAccessKey'] == 'bar'
        assert fetched['SessionToken'] == 'baz'
Beispiel #5
    def test_cache_key_is_windows_safe(self, fetcher, cache,
                                       mock_authenticator):
        """Check that fetched credentials are cached under the expected key.

        The expected key is 40 hexadecimal characters, so it contains none of
        the ``:`` or ``/`` characters that appear in the ARNs. Presumably it
        is a digest that doubles as a cache file name -- confirm against the
        fetcher implementation.
        """
        principal = 'arn:aws:iam::123456789012:saml-provider/Example'
        role = 'arn:aws:iam::123456789012:role/monty'
        assertion = create_assertion(['%s, %s' % (principal, role)])
        mock_authenticator.retrieve_saml_assertion.return_value = assertion
        fetcher.fetch_credentials()

        expected_key = 'af7a32316c966f76d660f9610c0ec56d91bb2f03'
        assert expected_key in cache
def test_log_handler_parses_dict(mock_requests_session, argv, prompter,
                                 client_creator, cache_dir, caplog,
                                 mock_pkg_resources):
    """Check that ``--verbose`` logs the STS request parameters as JSON.

    The HTTP session is stubbed as in the assertion-logging test: POST
    answers with a JSON session token, GET with a form carrying the base64
    assertion. The expected INFO record on ``awsprocesscreds.saml`` holds the
    parameters rendered with ``json.dumps(..., indent=4, sort_keys=True)``.

    ``mock_pkg_resources`` is requested but never referenced in the body;
    presumably it is needed only for its fixture side effects.

    NOTE(review): the asserted message includes the full ``SAMLAssertion``
    value next to the principal and role ARNs, so verbose log output should
    be handled as sensitive for as long as the assertion is valid.
    """
    principal = 'arn:aws:iam::123456789012:saml-provider/Example'
    role = 'arn:aws:iam::123456789012:role/monty'
    encoded = create_assertion(['%s, %s' % (principal, role)])

    # Canned POST reply: the session token serialized as JSON.
    token_body = json.dumps({'sessionToken': 'spam'})
    mock_requests_session.post.return_value = mock.Mock(
        spec=requests.Response,
        status_code=200,
        text=token_body,
    )

    # Canned GET reply: a form embedding the assertion.
    form_html = ('<form><input name="SAMLResponse" value="%s"/></form>'
                 % encoded.decode('ascii'))
    mock_requests_session.get.return_value = mock.Mock(
        spec=requests.Response,
        status_code=200,
        text=form_html,
    )

    argv.append('--verbose')
    saml(
        argv=argv,
        prompter=prompter,
        client_creator=client_creator,
        cache_dir=cache_dir,
    )

    # Parameters the handler is expected to report, rendered the same way.
    params_dump = json.dumps(
        {
            'PrincipalArn': principal,
            'RoleArn': role,
            'SAMLAssertion': encoded.decode('utf-8'),
        },
        indent=4,
        sort_keys=True,
    )
    message = (
        'Retrieving credentials with STS.AssumeRoleWithSaml() using the '
        'following parameters: %s' % params_dump)
    wanted = ('awsprocesscreds.saml', logging.INFO, message)
    assert wanted in caplog.record_tuples