async def test_assumerolecredprovider_assume_role_no_cache(
credential_provider, assumerolecredprovider_config_loader):
creds = credentials.AioCredentials('a', 'b', 'c')
provider1 = credential_provider('provider1', 'CustomProvider1', creds)
provider2 = credential_provider('provider2', 'CustomProvider2')
provider = credentials.AioCanonicalNameCredentialSourcer(
providers=[provider1, provider2])
result = await provider.source_credentials('cUsToMpRoViDeR1')
assert result is creds
response = {
'Credentials': {
'AccessKeyId': 'foo',
'SecretAccessKey': 'bar',
'SessionToken': 'baz',
'Expiration': some_future_time().isoformat()
},
}
client_creator = assume_role_client_creator(response)
provider = credentials.AioAssumeRoleProvider(
assumerolecredprovider_config_loader(),
client_creator,
cache={},
profile_name='development')
creds = await provider.load()
# So calling .access_key would cause deferred credentials to be loaded,
# according to the source, you're supposed to call get_frozen_credentials
# so will do that.
creds = await creds.get_frozen_credentials()
assert creds.access_key == 'foo'
assert creds.secret_key == 'bar'
assert creds.token == 'baz'
async def test_assumerolefetcher_mfa():
response = {
'Credentials': {
'AccessKeyId': 'foo',
'SecretAccessKey': 'bar',
'SessionToken': 'baz',
'Expiration': some_future_time().isoformat(),
},
}
client_creator = assume_role_client_creator(response)
prompter = mock.Mock(return_value='token-code')
mfa_serial = 'mfa'
refresher = credentials.AioAssumeRoleCredentialFetcher(
client_creator,
credentials.AioCredentials('a', 'b', 'c'),
'myrole',
extra_args={'SerialNumber': mfa_serial},
mfa_prompter=prompter)
await refresher.fetch_credentials()
# Slighly different to the botocore mock
client = client_creator.return_value
assert client._call_count == 1
call_kwargs = client._called[0][1]
assert call_kwargs['SerialNumber'] == 'mfa'
assert call_kwargs['RoleArn'] == 'myrole'
assert call_kwargs['TokenCode'] == 'token-code'
async def test_assumerolefetcher_cache_in_cache_but_expired():
response = {
'Credentials': {
'AccessKeyId': 'foo',
'SecretAccessKey': 'bar',
'SessionToken': 'baz',
'Expiration': some_future_time().isoformat(),
},
}
client_creator = assume_role_client_creator(response)
cache = {
'development--myrole': {
'Credentials': {
'AccessKeyId': 'foo-cached',
'SecretAccessKey': 'bar-cached',
'SessionToken': 'baz-cached',
'Expiration': datetime.datetime.now(tzlocal()),
}
}
}
refresher = credentials.AioAssumeRoleCredentialFetcher(
client_creator,
credentials.AioCredentials('a', 'b', 'c'),
'myrole',
cache=cache)
expected = get_expected_creds_from_response(response)
response = await refresher.fetch_credentials()
assert response == expected
async def test_assumerolefetcher_cache_key_with_role_session_name():
response = {
'Credentials': {
'AccessKeyId': 'foo',
'SecretAccessKey': 'bar',
'SessionToken': 'baz',
'Expiration': some_future_time().isoformat()
},
}
cache = {}
client_creator = assume_role_client_creator(response)
role_session_name = 'my_session_name'
refresher = credentials.AioAssumeRoleCredentialFetcher(
client_creator,
credentials.AioCredentials('a', 'b', 'c'),
'myrole',
cache=cache,
extra_args={'RoleSessionName': role_session_name})
await refresher.fetch_credentials()
# This is the sha256 hex digest of the expected assume role args.
cache_key = ('2964201f5648c8be5b9460a9cf842d73a266daf2')
assert cache_key in cache
assert cache[cache_key] == response
async def test_canonicalsourceprovider_source_creds(credential_provider):
creds = credentials.AioCredentials('a', 'b', 'c')
provider1 = credential_provider('provider1', 'CustomProvider1', creds)
provider2 = credential_provider('provider2', 'CustomProvider2')
provider = credentials.AioCanonicalNameCredentialSourcer(
providers=[provider1, provider2])
result = await provider.source_credentials('CustomProvider1')
assert result is creds
async def test_credresolver_load_credentials_single_provider(
credential_provider):
provider1 = credential_provider('provider1', 'CustomProvider1',
credentials.AioCredentials('a', 'b', 'c'))
resolver = credentials.AioCredentialResolver(providers=[provider1])
creds = await resolver.load_credentials()
assert creds.access_key == 'a'
assert creds.secret_key == 'b'
assert creds.token == 'c'
async def test_assumerolefetcher_no_cache():
response = {
'Credentials': {
'AccessKeyId': 'foo',
'SecretAccessKey': 'bar',
'SessionToken': 'baz',
'Expiration': some_future_time().isoformat()
},
}
refresher = credentials.AioAssumeRoleCredentialFetcher(
assume_role_client_creator(response),
credentials.AioCredentials('a', 'b', 'c'), 'myrole')
expected_response = get_expected_creds_from_response(response)
response = await refresher.fetch_credentials()
assert response == expected_response
def test_credentials_normalization(access, secret):
c = credentials.AioCredentials(access, secret)
assert isinstance(c.access_key, type(u'u'))
assert isinstance(c.secret_key, type(u'u'))